'Blog' Module 'Write Tab' Arbitrary File Upload Vulnerability (4 posts)

  1. moralesp
    Posted 8 years ago #



    Anybody knows a solution to this vulnerability? It was published last month, but there arenĀ“t any comments about this. It seems it is an important vulnerability.

    Do you know if it affects wordpress 2.5?

    Thanks in advance.


  2. rawalex
    Posted 8 years ago #

    You must login into wordpress with Administrator Roles

    1. Write Tabs - You can post title, contents and upload files. In Upload section, You can upload php script such as r57,c99,etc. into systems

    and upload's file will appear in http://target/wp-content/uploads/year/month/file.php

    2. If you can't upload your php script: Found message "File type does not meet security guidelines. Try another"

    Dont Worry, Move to "plugins" Tabs and choose some plugins (Akismet, Hello Dolly) to EDIT it. Now you can add php script (r57/c99) into plugins edit section.

    Finished it and Back to Plugins Tabs -> Click Active plugins then Get your SHELL....

    Let's Fun...

    It's only an issue if someone has admin privilege password.

  3. This is not even a vulnerability, it's a feature. Admins can upload any filetype they like... because they are admins. They can also edit the plugins code directly, if the plugins are writable by the webserver.

    This is not an exploit. There are no issues here.

  4. drsceifers
    Posted 7 years ago #

    It is an issue, I work for an ISP and we see accounts being "owned" by this quite often.

    Somehow this is being done with checking for authorization.

    If you have doubts, check out http://www.alexa.com/search?q=r57shell&page=9&count=10

    Moderator: you might want to make this private once you have read it. I don't want to freak people out, but you need to be aware it is being exploited.

Topic Closed

This topic has been closed to new replies.

About this Topic