Disputed / BOGUS

Wordpress Better-wp-security Plugin Remote Code Execution

Published: 2015-04-02 (Updated: 2015-04-04)
Credit: Milad Hacking
Risk: High
CWE: N/A
CVE: N/A
Local: No
Remote: Yes

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
| [+] Exploit Title: Wordpress Better-wp-security Plugin Remote Code Execution
| [+] Exploit Author: Milad Hacking
| [+] Vendor Homepage : https://wordpress.org/plugins/better-wp-security/
| [+] Download Link : https://downloads.wordpress.org/plugin/better-wp-security.4.6.12.zip
| [+] Tested on: Kali , Iceweasel
| [+] Date : 2015-04-04
| [+] Version : 4.6.12
| [+] Google Dork : inurl:wp-content/plugins/better-wp-security
| [+] Discovered By : Milad Hacking
|-------------------------------------------------------------------------|
| [+] Exploit: |
| [+] Location : http://site.com/wp-content/plugins/better-wp-security/better-wp-security.php
| [+] Vulnerability is also triggered in: http://site.com/wp-content/plugins/better-wp-security/core/class-itsec-core.php
| [+] Vulnerable Code : Line 723
| [+] Screenshot : http://fullsecurity.org/acc/wp-content/uploads/Screenshot-from-2015-04-03-012110-e1427980993309.png


public function admin_tooltip_ajax() {

    global $itsec_globals;

    // The handler is unreachable without a valid 'itsec_tooltip_nonce' value,
    // which WordPress ties to the logged-in user's session.
    if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( $_POST['nonce'] ), 'itsec_tooltip_nonce' ) ) {
        die();
    }

    if ( sanitize_text_field( $_POST['module'] ) == 'close' ) {

        $data = $itsec_globals['data'];
        $data['tooltips_dismissed'] = true;
        update_site_option( 'itsec_data', $data );

    } else {

        // $_POST['module'] only selects a key in $this->tooltip_modules, an array
        // the plugin fills itself; the 'callback' value is never taken from the
        // request. An unregistered key yields null, which call_user_func_array
        // rejects as an invalid callback instead of executing anything.
        call_user_func_array( $this->tooltip_modules[ sanitize_text_field( $_POST['module'] ) ]['callback'], array() );

    }

    die(); // this is required to return a proper result

}
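The distinction that decides whether the dispatch above is code execution is who controls the callable, not who controls the array key. The following PHP is an added example written for this page, not the plugin's code: the table contents, the function names and the sample module slugs are hypothetical, and it assumes PHP 8. It reproduces the advisory's shape (request picks the key, the plugin owns the callback value), adds the key check a hardened handler would have, and shows beside it the genuinely dangerous shape in which the request supplies the callable itself.

```php
<?php
// Added example, not the plugin's code. Names and table contents are hypothetical.
declare(strict_types=1);

// Hypothetical callback table, as a plugin would register it at load time.
// Keys are module slugs; every 'callback' value is set here by the plugin,
// never by anything in the incoming request.
$tooltip_modules = [
    'backup'  => ['callback' => fn(): string => 'backup tooltip shown'],
    'updates' => ['callback' => fn(): string => 'updates tooltip shown'],
];

/**
 * Pattern from the advisory: the request chooses the KEY, the plugin owns the VALUE.
 * Returns what the registered callback returned, or null for an unknown key.
 */
function dispatch_registered(array $modules, string $module): ?string
{
    // Hardened lookup: refuse slugs the plugin never registered instead of handing
    // a null 'callback' to call_user_func_array (a warning/TypeError, not execution).
    if (!isset($modules[$module]['callback']) || !is_callable($modules[$module]['callback'])) {
        return null;
    }
    return call_user_func_array($modules[$module]['callback'], []);
}

/**
 * Contrast: the genuinely dangerous shape, where the request string IS the callable.
 * Shown only to make the difference concrete; it is never invoked below.
 */
function dispatch_untrusted(string $callable_name): mixed
{
    return call_user_func_array($callable_name, []); // attacker picks the function
}

// Constructed requests standing in for sanitize_text_field($_POST['module']).
foreach (['backup', 'updates', 'phpinfo', '../../etc/passwd'] as $module) {
    $result = dispatch_registered($tooltip_modules, $module);
    printf("module=%-20s -> %s\n", $module, $result ?? 'rejected (not a registered module)');
}
```

Running it prints the two registered tooltips and rejects the other two slugs; with the plugin's original lookup the unregistered slugs would instead reach call_user_func_array with a null callback, which PHP refuses. Only dispatch_untrusted, where the POST value itself becomes the callable, would turn a module name like phpinfo into code execution, and that is not the shape the advisory's snippet has.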

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

References:

https://downloads.wordpress.org/plugin/better-wp-security.4.6.12.zip


Copyright 2017, cxsecurity.com