|
===========================================================0D
=0D
Wordpress Malicious File Execution Vulnerability =0D
=0D
===========================================================0D
=0D
AUTHOR : CWH Underground=0D
DATE : 18 May 2008=0D
SITE : www.citecclub.org=0D
=0D
=0D
#####################################################=0D
APPLICATION : Wordpress Blog =0D
VERSION : <= 2.5.1 =0D
VENDOR : http://wordpress.org/ =0D
DOWNLOAD : http://wordpress.org/download=0D
#####################################################=0D
=0D
=0D
DORK: N/A=0D
=0D
---DESCRIPTION---=0D
You must login into wordpress with Administrator Roles=0D
=0D
1. Write Tabs - You can post title, contents and upload files. In Upload section, You can upload php script such as r57,c99,etc. into systems=0D
and upload's file will appear in http://[target]/wp-content/uploads/[year]/[month]/file.php=0D
=0D
2. If you can't upload your php script: Found message "File type does not meet security guidelines. Try another" =0D
Dont Worry, Move to "plugins" Tabs and choose some plugins (Akismet, Hello Dolly) to EDIT it. Now you can add php script (r57/c99) into plugins edit section.=0D
Finished it and Back to Plugins Tabs -> Click Active plugins then Get your SHELL....=0D
=0D
Let's Fun...=0D
=0D
=0D
---NOTE/TIP---=0D
=0D
In Plugins Edit section, Use comment /* ... */ to keep plugins code before add shells.=0D
=0D
##################################################################=0D
Greetz: ZeQ3uL,BAD $ectors, Snapter, Conan, Win7dos, JabAv0C =0D
##################################################################