Home » Praktek » WordPress Editor Monkey suffers from a remote shell upload vulnerability

Sabtu, 10 November 2012

1
WordPress Editor Monkey suffers from a remote shell upload vulnerability


WordPress Editor Monkey suffers from a remote shell upload vulnerability.

 wah keren nih si kaMtiEz dah lama g jalan2 di packet storm, tadi lagi jalan2 di packet storm
dapet ginian, lumayan bwt tambah pengalaman hehehe...
langsung aja cekidot!!!


http://packetstormsecurity.org/files/101421/WordPress-EditorMonkey-2.5-Shell-Upload.html

skr praktek :
dork google ==> inurl:/plugins/editormonkey/

[ Vulnerable File ]
[patch]/wp-content/plugins/editormonkey/fckeditor/editor/filemanager/upload/test.html

[ Shell ]
[patch]/UserFiles/file-yg-km-upload.txt

[ demo ]

http://ideashaveconsequences.org/wp-content/plugins/editormonkey/fckeditor/editor/filemanager/upload/test.html


yang hoby deface dan mau masuk urutan teratas zone-h pake ini biar cpt dpt korban
mumpung para adminnya blm pada patch sitenya ;))


nb:
Select the "File Uploader" to use:
==> ganti dengan PHP

Upload a new file:
==> browse dmn file km di simpen, td ane pm kaMtiEz sih katanya .txt

tp saya coba htm masuk nih http://ideashaveconsequences.org/UserFiles/index.htm

kl ada tulisan kek gini:
Warning: move_uploaded_file(xxxxxxxxxxxxxxxxxxxxxxxxxx
==>anda blm beruntung, coba lagi =)) anda berarti g bs di upload file
Publish By alharistm on Kategory :

1 komentar:

alharistm mengatakan...

test

Jumat, 09 November, 2012

Posting Komentar

◄ Newer Post Older Post ►
Langganan: Posting Komentar (Atom)

Arsip Blog

 

Copyright 2012 Cyber Defacer Seo Elite by BLog BamZ | Blogger Templates

Thanks to all Defacer Indonesia :)