WordPress Plugin Lazy SEO 1.1.9 - Arbitrary File Upload

Author: Ashiyane Digital Security Team
type: webapps
platform: php
port: 
date_added: 2013-09-22 
date_updated: 2013-09-22 
verified: 1 
codes: CVE-2013-5961;OSVDB-97662 
tags: WordPress Plugin
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comlazy-seo.1.1.9.zip

#######################################################################
# Exploit Title :  Wordpress Lazy SEO plugin Shell Upload Vulnerability
#
# Exploit Author : Ashiyane Digital Security Team
#
# Google Dork: : inurl:/wp-content/plugins/lazy-seo/
#
# Date: 2013/09/21
#
# Vendor Homepage : http://wordpress.org/plugins/lazy-seo
#
# Software Link : http://downloads.wordpress.org/plugin/lazy-seo.1.1.9.zip
#
# Version : 1.1.9
#
# Tested on: Windows
#
##############
#
#Location: Site/wp-content/plugins/lazy-seo/lazyseo.php
#
##############
#1.Go to address : Site/wp-content/plugins/lazy-seo/lazyseo.php
#2.Click on Browse...
#3.Select Shell Code
#3.Complete the fields
#4.Press Enter
#5.Shell Address : wp-content/plugins/lazy-seo/Shell.php
##############
#
# Discovered By : ACC3SS
#
##############