################################################################################################# # Exploit Title : WordPress Share-Buttons Plugins 4.9.9 Remote Shell Upload Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 22/12/2018 # Vendor Homepage : wordpress.org ~ sbuttons.ru # Software Download Link : atwebresults.com/php_ajax_image_upload/ + wordpress.org/plugins/tags/share-buttons/ + raw.githubusercontent.com/usaphp/plufit/master/wp-content/plugins/share-buttons/upload/index.php # Tested On : Windows and Linux # Category : WebApps # Version Information : V2.7 ~ V4.0 ~ V4.4.2 ~ V4.6.1 ~ V4.7.12 ~ V4.8.8 ~ V4.9.7 ~ V4.9.8 ~ V4.9.9 + Apache 2.4.10 ~ Apache 2.4.33 ~ Apache 2.4.35 ~ PHP 5.6.38 ~ OpenSSL 0.9.8e ~ UNIX OS ~ + jQuery 1.8.2 ~ Nginx 1.12.2 ~ Nginx 1.10.3 # Exploit Risk : Medium # Google Dorks : inurl:''/wp-content/plugins/share-buttons/'' + intext:''Sleeker More "Web 2.0" onChange Use'' /wp-content/plugins/share-buttons/ # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ] + CWE-434- [ Unrestricted Upload of File with Dangerous Type ] ################################################################################################# # Admin Panel Login Path : /wp-login.php # Arbitrary File Upload/Remote Shell Upload Exploit : /wp-content/plugins/share-buttons/upload/index.php /wp-content/plugins/share-buttons/upload/scripts/ajaxupload.php Error : Error(s) Found: File Size Empty, # Directory File Path : /wp-content/plugins/share-buttons/upload/uploads/[FILENAMEHERE]_[RANDOM-NUMBERS].png # Note : .php;.gif ~ .asp;.png ~ .shtml.fla;.jpeg ################################################################################################# Vulnerable File Code : /upload/index.php ************************************ PHP AJAX Image Upload, Truly Web 2.0!
Sleeker More "Web 2.0" onChange Use


Supported File Types: gif, jpg, png
################################################################################################# # Example Vulnerable Sites => [+] russia.starchildglobal.com/wp-content/plugins/share-buttons/upload/index.php [+] viatec.md/wp-content/plugins/share-buttons/upload/index.php [+] outfund.ru/wp-content/plugins/share-buttons/upload/index.php [+] cnho.ru/wp-content/plugins/share-buttons/upload/index.php [+] like-tv.tv/wp-content/plugins/share-buttons/upload/index.php [+] eparhia-tmb.ru/wp-content/plugins/share-buttons/upload/index.php [+] unost.org/wp-content/plugins/share-buttons/upload/index.php [+] hww.ru/wp/wp-content/plugins/share-buttons/upload/index.php [+] daode.com.ua/wp-content/plugins/share-buttons/upload/index.php [+] udacha.pro/wp-content/plugins/share-buttons/upload/index.php [+] brukioptom.com.ua/wp-content/plugins/share-buttons/upload/index.php [+] poddelki.net/wp-content/plugins/share-buttons/upload/index.php [+] spblago.ru/wp-content/plugins/share-buttons/upload/index.php ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################