WordPress WPtouch Mobile plugin version 3.4.5 suffers from a remote shell upload vulnerability.
7edb381dc99e6e071b376894e47673e6a5d4a2b0f2bbc8d49710cecd99b9eb26
WordPress WPtouch Mobile Plugin File Upload Vulnerability
=====================================================
Found by : k4L0ng666 (k4L0ng666@indonesiancoder.com)
Submitted by : Don Tukulesto (root@indonesiancoder.com)
Homepage : http://indonesiancoder.com
Published : August 26, 2014
Tested On : OS X 10.9.4
=====================================================
==================| Software Info |==================
[>] Download : http://downloads.wordpress.org/plugin/wptouch.3.4.5.zip
[>] Software : WPtouch Mobile Plugin - WordPress Plugin
[>] Plugin Version : 3.4.5
[>] Vulnerability : File upload
I. Proof of Concept
=====================================================
The plugin's uploader does not restrict the file type, so any .php file can be uploaded through it. The uploaded file is stored under /wp-content/wptouch-data/, from where the backdoor can be requested directly in the browser.
See the image below.
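As an added example (not code from the advisory and not the plugin's own code), the two checks a practitioner would want around this issue: a hypothetical hardened upload filter of the kind the plugin lacks, and a responder-side scan of a wptouch-data directory for dropped backdoors. The advisory does not show the plugin's validation code, so the whitelist, magic-byte table and directory tree below are assumptions; the sample files are constructed in a temporary directory.

```python
"""Added example, not part of the original advisory or the WPtouch plugin.

Assumptions (not taken from the advisory): `is_allowed_upload` is a
hypothetical hardened filter for an image uploader, and the directory
layout under wp-content/wptouch-data/ is modelled with constructed files.
"""
import os
import re
import tempfile

# Extensions a mobile-theme uploader legitimately needs (assumed whitelist).
ALLOWED_EXT = {"png", "jpg", "jpeg", "gif", "ico"}

# Leading magic bytes for each allowed image type.
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "ico": b"\x00\x00\x01\x00",
}

# Any PHP open tag in the body, including the short echo tag.
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)

# Extensions the PHP handler may execute on common Apache setups.
PHP_EXTS = ("php", "phtml", "php3", "php4", "php5", "phar")


def is_allowed_upload(filename: str, data: bytes) -> bool:
    """Hypothetical hardened filter: whitelisted extension only, no PHP
    extension anywhere in a double extension (shell.php.jpg), matching
    magic bytes, and no PHP open tag in the body (polyglot images)."""
    parts = os.path.basename(filename).lower().split(".")
    if len(parts) < 2:
        return False
    if any(p in PHP_EXTS for p in parts[1:]):
        return False
    ext = parts[-1]
    if ext not in ALLOWED_EXT:
        return False
    if not data.startswith(MAGIC[ext]):
        return False
    if PHP_TAG.search(data):
        return False
    return True


def scan_wptouch_data(root: str) -> list:
    """Responder check: walk a wptouch-data tree and return relative paths
    of files that are PHP by (double) extension or carry a PHP open tag in
    their first 64 KiB, i.e. an uploaded backdoor disguised as an image."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if re.search(r"\.ph(p\d?|tml|ar)(\.|$)", name.lower()):
                findings.append(rel)
                continue
            with open(path, "rb") as fh:
                head = fh.read(65536)
            if PHP_TAG.search(head):
                findings.append(rel)
    return sorted(findings)


def build_sample_dir() -> str:
    """Construct a fake wptouch-data tree (sample data, not real uploads)."""
    root = tempfile.mkdtemp(prefix="wptouch-data-")
    os.makedirs(os.path.join(root, "icons"))
    samples = {
        "icons/logo.png": MAGIC["png"] + b"\x00" * 32,
        "icons/shell.php": b"<?php system($_GET['c']); ?>",
        "icons/shell.php.jpg": MAGIC["jpg"] + b"<?php eval($_POST['x']); ?>",
        "icons/polyglot.gif": b"GIF89a" + b"<?=`$_GET[c]`?>",
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for hit in scan_wptouch_data(build_sample_dir()):
        print("suspicious upload:", hit)
```

The scan flags the three planted files (the plain shell, the double-extension shell and the GIF polyglot) and leaves the genuine PNG alone; the same four bodies fed to `is_allowed_upload` are rejected or accepted the same way, which is the behaviour an uploader writing into a web-served directory needs.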
II. Vendor patch
=====================================================
At the time of publication the vendor has not released a patch or upgrade, since 3.4.5 is the current version. \m/
=====================================================
WE ARE ONE UNITY, WE ARE A CODER FAMILY AND WE ARE INDONESIAN CODER
[>] Malang Cyber Crew ~ Magelang Cyber ~ Exploit-ID ~ Kill-9 Crew ~ Jatimcom
“People should not be afraid of their governments. Governments should be afraid of their people.” -V
“Knowledge, like air, is vital to life. Like air, no one should be denied it.”
~(^_^)~
=====================================================