WordPress Easy Comment Plugin - Remote File Upload Vulnerability Tutorial

Today I'm going to tell you about one more WordPress file upload vulnerability, which occurs in the Easy Comment Plugin.
So now let's begin:

  • First, you have to find some vulnerable sites using the Google dork: inurl:/wp-content/plugins/easy-comment-uploads/upload-form.php.
  • You will get many vulnerable sites. I already have one. Your vulnerable site will look something like this: http://www.example.com/wp-content/plugins/easy-comment-uploads/upload-form.php .

  • Then upload your deface page or image or anything you want, but on some sites you can only upload a limited number of file types.
  • Then, to find your uploaded file, go to http://www.example.com/wp-content/uploads/. It will look similar to this. If it doesn't, then try another site.

  • After that, open the year directory. In my case, I uploaded the file in 2012, so I'll open 2012.
  • After that, select the month.

  • Then open your uploaded file.
  • BANG!! Now you have done it successfully.
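
For site owners, the request sequence in the steps above (a POST to upload-form.php, then browsing /wp-content/uploads/ by year and month, then opening the file) shows up in web server access logs. The detection script below is an added example, not part of the original post; it assumes Apache/Nginx combined log format and a 2xx response to the upload, and its sample log lines are constructed.

```python
import re
from collections import defaultdict

# Assumption: Apache/Nginx combined log format.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
UPLOAD_FORM = "/wp-content/plugins/easy-comment-uploads/upload-form.php"
# Directory browsing of the uploads root, a year folder, or a year/month folder.
LISTING_RE = re.compile(r"^/wp-content/uploads/(\d{4}/(\d{2}/)?)?$")
# A file fetched from uploads/<year>/<month>/.
FILE_RE = re.compile(r"^/wp-content/uploads/\d{4}/\d{2}/[^/]+$")

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2012:10:00:01 +0000] "GET /wp-content/plugins/easy-comment-uploads/upload-form.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Mar/2012:10:00:09 +0000] "POST /wp-content/plugins/easy-comment-uploads/upload-form.php HTTP/1.1" 200 734',
    '203.0.113.5 - - [10/Mar/2012:10:00:20 +0000] "GET /wp-content/uploads/ HTTP/1.1" 200 1290',
    '203.0.113.5 - - [10/Mar/2012:10:00:24 +0000] "GET /wp-content/uploads/2012/ HTTP/1.1" 200 880',
    '203.0.113.5 - - [10/Mar/2012:10:00:27 +0000] "GET /wp-content/uploads/2012/03/ HTTP/1.1" 200 940',
    '203.0.113.5 - - [10/Mar/2012:10:00:31 +0000] "GET /wp-content/uploads/2012/03/page.html HTTP/1.1" 200 2048',
    '198.51.100.7 - - [10/Mar/2012:10:05:00 +0000] "GET /wp-content/uploads/2012/03/photo.jpg HTTP/1.1" 200 40960',
]


def find_upload_abuse(lines):
    """Map client IP -> ordered events, for clients that POSTed to the upload
    form and afterwards browsed the uploads tree or fetched a file from it."""
    posted = set()
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, method, path, status = m.groups()
        path = path.split("?", 1)[0]  # ignore query strings
        if method == "POST" and path == UPLOAD_FORM and status.startswith("2"):
            posted.add(ip)
            events[ip].append(("upload", path))
        elif ip in posted and method == "GET" and status == "200":
            if LISTING_RE.match(path):
                events[ip].append(("listing", path))
            elif FILE_RE.match(path):
                events[ip].append(("fetch", path))
    # Report only clients with follow-up activity after the upload.
    return {ip: ev for ip, ev in events.items()
            if any(kind != "upload" for kind, _ in ev)}


if __name__ == "__main__":
    for ip, evs in find_upload_abuse(SAMPLE_LOG).items():
        print(ip, evs)
```

A "listing" event with status 200 usually means directory indexing is enabled on the uploads tree, which is what makes the year and month browsing in the steps above possible.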

