Vendor: Wp-FileManager
By: H-T TeaM {HouSSaMix _ ToXiC350}
CVSS: 8.8 (HIGH)
Remote File Upload Vulnerability
CWE: N/A
Product Name: Wp-FileManager
Affected Version From: 1.2
Affected Version To: 1.2
Patch Exists: Yes
Related CWE: N/A
CPE: a:wordpress:wp-filemanager
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Wordpress
Published: 2008

WordPress Plugin Wp-FileManager Remote File Upload Vulnerability

The plugin ships an Ajax file manager at http://[TARGET]/[path_wordpress]/wp-content/plugins/wp-filemanager/ajaxfilemanager/ajaxfilemanager.php. Simply browsing to that page lets a visitor upload a PHP script, or any other file, directly to the server. The uploaded file is then served from http://[TARGET]/[path_wordpress]/uploaded/[evil].php, where it executes as PHP, so an attacker gets a web shell on the site. Search-engine dorks for locating installations: plugins/wp-filemanager/ and inurl:/wp-filemanager/
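A detection check a defender would want after reading the above, as an added example that is not part of the Exploit-DB entry or of the plugin: it scans web-server access logs in the common Apache/nginx "combined" format for requests to the ajaxfilemanager.php endpoint and for PHP files served from the /uploaded/ directory, and correlates a POST to the endpoint with a later fetch of a PHP file by the same client. The log lines, IP addresses and the file name evil.php are constructed for the example; matching .phtml and .php3-style extensions in addition to .php is a generalization of the page's .php case.

```python
"""Access-log detection for the upload-then-execute pattern described above.

Added example for this page; not part of the Exploit-DB entry or the plugin.
Assumes Apache/nginx "combined" log format and that WordPress may live under
a sub-path (so the endpoint is matched on the tail of the request path).
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (documentation-range IPs; evil.php mirrors the
# [evil].(php) placeholder in the advisory). Client 203.0.113.7 loads the
# file manager, POSTs to it, then fetches a PHP file from /uploaded/.
SAMPLE_LOG = """\
203.0.113.7 - - [06/Jan/2008:10:14:02 +0000] "GET /blog/wp-content/plugins/wp-filemanager/ajaxfilemanager/ajaxfilemanager.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [06/Jan/2008:10:14:31 +0000] "POST /blog/wp-content/plugins/wp-filemanager/ajaxfilemanager/ajaxfilemanager.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.7 - - [06/Jan/2008:10:14:45 +0000] "GET /blog/uploaded/evil.php?cmd=id HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.22 - - [06/Jan/2008:10:15:10 +0000] "GET /blog/uploaded/report.pdf HTTP/1.1" 200 104857 "-" "Mozilla/5.0"
198.51.100.22 - - [06/Jan/2008:10:16:00 +0000] "GET /blog/?p=12 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD target proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Path tail of the vulnerable endpoint, from the advisory.
ENDPOINT_TAIL = "/wp-content/plugins/wp-filemanager/ajaxfilemanager/ajaxfilemanager.php"
# PHP-like files served from the plugin's upload directory (.php, .php3, .phtml ...).
UPLOADED_PHP_RE = re.compile(r"/uploaded/[^/]+\.ph(?:p\d?|tml)$", re.IGNORECASE)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("target").split("?", 1)[0],  # drop the query string
        "status": int(m.group("status")),
    }


def parse_log(log_text):
    return [e for e in map(parse_line, log_text.splitlines()) if e]


def endpoint_requests(events):
    """Every request to the file-manager endpoint: an exposure indicator."""
    return [e for e in events if e["path"].endswith(ENDPOINT_TAIL)]


def php_in_upload_dir(events):
    """Successful fetches of PHP files from /uploaded/: an execution indicator,
    regardless of which client uploaded the file."""
    return [e for e in events
            if e["method"] == "GET" and e["status"] == 200
            and UPLOADED_PHP_RE.search(e["path"])]


def correlated_shell_uploads(events, window_seconds=600):
    """Clients that POST to the endpoint and then fetch a PHP file from
    /uploaded/ within window_seconds. Returns (ip, shell_path, seconds_after_post)."""
    posts = defaultdict(list)
    for e in endpoint_requests(events):
        if e["method"] == "POST":
            posts[e["ip"]].append(e["ts"])
    hits = []
    for e in php_in_upload_dir(events):
        deltas = [(e["ts"] - t).total_seconds() for t in posts.get(e["ip"], [])]
        deltas = [d for d in deltas if 0 <= d <= window_seconds]
        if deltas:
            hits.append((e["ip"], e["path"], min(deltas)))
    return hits


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("requests to file-manager endpoint:", len(endpoint_requests(evs)))
    for ip, path, delta in correlated_shell_uploads(evs):
        print(f"possible web shell: {ip} fetched {path} {delta:.0f}s after POST to endpoint")
```

The uncorrelated `php_in_upload_dir` check matters on its own: the attacker may upload from one address and call the shell from another, and any PHP file under /uploaded/ is already suspicious for this plugin.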

Mitigation:

Update Wp-FileManager to a patched release (the entry lists a patch as available) and keep all installed plugins current; remove the plugin if it is not needed. As defense in depth, configure the web server not to execute PHP from the plugin's upload directory (/uploaded/), and check that directory for unexpected .php files, since a successful attack leaves a web shell there.

Exploit-DB raw data:

######################################################################################
# AUTHOR : H-T TeaM {HouSSaMix _ ToXiC350}                                           #
# HOME : http://no-hack.net                                                          #
# Script :  Wordpress Plugin Wp-FileManager                                          #
# Download : http://downloads.wordpress.org/plugin/wp-filemanager.1.2.zip            #
# BUG :  Remote File Upload Vulnerability [ Shell Upload Exploit  ]                  #
######################################################################################

(~)| 3xpl0it4t10n :

		This file allows you to directly upload a PHP script or anything else you want

		You just have to enter :

			http://[TARGET]/[path_wordpress]/wp-content/plugins/wp-filemanager/ajaxfilemanager/ajaxfilemanager.php

		After uploading your evil script, you will find it in this directory :

			http://[TARGET]/[path_wordpress]/uploaded/[evil].(php)


		Here are some dorks :

          plugins/wp-filemanager/ 
          inurl:/wp-filemanager/




# greetz : GoLd_M , RoMaNcYxHaCkEr , DDos , and all Muslim hackers



######################################################################################
#                  H-T TeaM {HouSSaMix _ ToXiC350}                                   #
######################################################################################

# milw0rm.com [2008-01-06]