WordPress tdo Mini (Plugin) ~ File Upload Vulnerability
Author: MaX-HaCker

Today I'll show you one more file upload vulnerability in WordPress. This vulnerability occurs in the tdo Mini plugin for WordPress.
Let's Start

First, find some vulnerable sites by using Google Dorks:

inurl:"plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1"

After getting a vulnerable site, upload your file.

To access your uploaded file, change the URL from

http://www.example.com/wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php

to

http://www.example.com/wp-content/uploads/tdomf/tmp/1/

If the site is vulnerable, it will open a page listing IP addresses. To access your uploaded file, click on your IP address. It will then show your uploaded file.

Boom! Now you are done. You can also upload a shell by changing the extension of the shell from shell.php to shell.php;.jpg.
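On the defending side, the same paths and file name give a log check. The following is an added example, not code from the original article or the plugin: it flags requests under the upload directory whose file name carries a script extension in any position, because a check on the final extension alone accepts shell.php;.jpg. The extension list, the Combined Log Format, the per-IP path layout and the sample lines are assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Extensions a web server may hand to an interpreter (assumed list; adjust per server).
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar",
                   "asp", "aspx", "jsp", "cgi", "pl"}
TMP_PREFIX = "/wp-content/uploads/tdomf/tmp/"  # upload directory named in the article

# Combined Log Format: ip - - [time] "METHOD target HTTP/x" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def risky_upload_name(name: str) -> bool:
    """True if any '.'- or ';'-separated segment after the first is executable."""
    segments = re.split(r"[.;]+", name.lower().strip())
    return any(seg in EXECUTABLE_EXTS for seg in segments[1:])


def flag_requests(log_lines):
    """Return (client_ip, path, status) for risky files requested under TMP_PREFIX."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, _method, target, status = m.groups()
        # urlsplit keeps ';' inside the path; unquote decodes %3B before checking.
        path = unquote(urlsplit(target).path)
        if path.startswith(TMP_PREFIX) and risky_upload_name(path.rsplit("/", 1)[-1]):
            hits.append((ip, path, int(status)))
    return hits


# Constructed sample lines (documentation IP ranges, assumed path layout).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2012:13:55:36 +0000] "GET /wp-content/uploads/tdomf/tmp/1/198.51.100.7/photo.jpg HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Oct/2012:13:56:01 +0000] "GET /wp-content/uploads/tdomf/tmp/1/203.0.113.9/shell.php%3B.jpg HTTP/1.1" 200 312',
    '203.0.113.9 - - [10/Oct/2012:13:56:40 +0000] "GET /wp-content/themes/x/style.css HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```

The same `risky_upload_name` test can be applied to file names at upload time or to a listing of the directory on disk.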