WordPress Plugin Lazy SEO 1.1.9 - Arbitrary File Upload

EDB-ID:

28452


Platform:

PHP

Date:

2013-09-22


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

#######################################################################
# Exploit Title :  Wordpress Lazy SEO plugin Shell Upload Vulnerability
#
# Exploit Author : Ashiyane Digital Security Team
#
# Google Dork: : inurl:/wp-content/plugins/lazy-seo/
#
# Date: 2013/09/21
#
# Vendor Homepage : http://wordpress.org/plugins/lazy-seo
#
# Software Link : http://downloads.wordpress.org/plugin/lazy-seo.1.1.9.zip
#
# Version : 1.1.9
#
# Tested on: Windows
#
##############
#
#Location: Site/wp-content/plugins/lazy-seo/lazyseo.php
#
##############
#1.Go to address : Site/wp-content/plugins/lazy-seo/lazyseo.php
#2.Click on Browse...
#3.Select Shell Code
#3.Complete the fields
#4.Press Enter
#5.Shell Address : wp-content/plugins/lazy-seo/Shell.php
##############
#
# Discovered By : ACC3SS
#
##############