# Exploit Title: WordPress Responsive Thumbnail Slider Arbitrary File Upload
# Date: 2015/8/29
# Exploit Author: Arash Khazaei
# Vendor Homepage: https://wordpress.org/plugins/wp-responsive-thumbnail-slider/
# Software Link: https://downloads.wordpress.org/plugin/wp-responsive-thumbnail-slider.zip
# Version: 1.0
# Tested on: Kali, Iceweasel Browser
# CVE : N/A
# Contact : http://twitter.com/0xClay
# Email : 0xclay@gmail.com
# Site : http://bhunter.ir

# Introduction :
# The WordPress Responsive Thumbnail Slider plugin has 6000+ active installs
# and suffers from a file upload vulnerability that allows an attacker to upload a shell as an image.
# Authors, Editors and of course Administrators can use this vulnerability to harm the website.

# POC :
# For exploiting this vulnerability:
# Go to the Add Image section and upload a file with the plugin's own uploader.
# Upload a file with a double extension ending in an image extension,
# then, using Burp Suite or Tamper Data, change the file name from Shell.php.jpg to Shell.php,
# and the shell is uploaded. :)

# Discovered By Arash Khazaei (Aka JunkyBoy)
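The bypass above works because the only check that matters is the one applied to the file name the server finally receives, and a name edited in a proxy arrives exactly as the attacker typed it. The following is an added example, not the plugin's code or the advisory author's, of a server-side validator that treats the client-supplied name as untrusted: it requires exactly one extension from an allowlist, checks that the file content starts with the magic bytes of the claimed image type, and stores the file under a server-generated name. The function name `validate_image_upload`, the `ALLOWED_TYPES` table and every file name and byte string used below are constructed for this example.

```python
"""
Added example (not part of the advisory or the plugin): a server-side
image-upload validator of the kind that would have rejected both
'Shell.php.jpg' and the proxy-edited 'Shell.php'. All names and file
contents here are constructed test data.
"""
import os
import re
import secrets

# Extensions we accept, each mapped to the magic bytes a file of that type must start with.
ALLOWED_TYPES = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}


def validate_image_upload(client_filename: str, content: bytes):
    """Return (True, stored_name) for an acceptable image, else (False, reason).

    The client-supplied name is untrusted input: every decision is made
    here on the server, on the name and bytes actually received, never in
    the browser or on a value the client can rewrite in transit.
    """
    # 1. Drop directory components; only the base name is considered.
    name = os.path.basename(client_filename.replace("\\", "/"))
    if not name or name.startswith("."):
        return False, "empty or dot-file name"

    # 2. Exactly one extension: 'Shell.php.jpg' has two and is rejected
    #    regardless of which one comes last.
    parts = name.split(".")
    if len(parts) != 2:
        return False, "file name must have exactly one extension"
    stem, ext = parts[0], parts[1].lower()
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,64}", stem):
        return False, "unexpected characters in file name"

    # 3. Allowlist of extensions (a denylist of php/phtml/... is the wrong tool).
    if ext not in ALLOWED_TYPES:
        return False, f"extension .{ext} not allowed"

    # 4. The bytes must match the claimed type; a script renamed to .jpg fails here.
    if not any(content.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        return False, "content does not match image type"

    # 5. Never store under the client's name: generate one, keep only the validated extension.
    stored = f"{secrets.token_hex(16)}.{ext}"
    return True, stored


if __name__ == "__main__":
    # Constructed samples: the two names from the advisory, plus benign uploads.
    php_payload = b"<?php echo 'constructed sample, not a real script'; ?>"
    jpeg_header = b"\xff\xd8\xff\xe0" + b"\x00" * 16
    samples = [
        ("Shell.php.jpg", php_payload),
        ("Shell.php", php_payload),
        ("photo.jpg", php_payload),      # right extension, wrong content
        ("photo.jpg", jpeg_header),      # accepted
        ("../../photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
        (".htaccess", b"constructed"),
    ]
    for fname, data in samples:
        ok, detail = validate_image_upload(fname, data)
        print(f"{fname!r:22} -> {'ACCEPT' if ok else 'REJECT'}: {detail}")
```

Steps 2 and 5 are the ones that matter for this advisory: requiring a single allowlisted extension means there is no "image extension" to strip, and generating the stored name means a proxy edit to the submitted name changes nothing on disk. As a second layer, the uploads directory should be served with script execution disabled, so a file that somehow lands there is still only ever returned as static content.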