‘Blog’ Module ‘Write Tab’ Arbitrary File Upload Vulnerability

  • You must log in to WordPress with an Administrator role.

    1. Write tab – you can post a title and contents and upload files. In the Upload section you can upload a PHP script such as r57, c99, etc. into the system,

    and the uploaded file will appear at http://[target]/wp-content/uploads/[year]/[month]/file.php

    2. If you can’t upload your PHP script and get the message “File type does not meet security guidelines. Try another”:

    Don’t worry, move to the “Plugins” tab and choose a plugin (Akismet, Hello Dolly) to edit. Now you can add a PHP script (r57/c99) in the plugin edit section.

    Finish it, go back to the Plugins tab, click Activate on the plugin, then get your SHELL….

    Let’s have fun…

    It’s only an issue if someone has the admin password.

    This is not even a vulnerability, it’s a feature. Admins can upload any file type they like… because they are admins. They can also edit the plugin code directly, if the plugins are writable by the webserver.

    This is not an exploit. There are no issues here.

    It is an issue. I work for an ISP and we see accounts being “owned” by this quite often.

    Somehow this is being done with checking for authorization.

    If you have doubts, check out http://www.alexa.com/search?q=r57shell&page=9&count=10

    Moderator: you might want to make this private once you have read it. I don’t want to freak people out, but you need to be aware it is being exploited.
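A hosting operator reading this thread might want a quick way to audit an install for the two paths it describes: PHP scripts sitting in wp-content/uploads, and plugin files the web-server account can rewrite through the plugin editor. The following is an added example, not code from the thread or from WordPress; the wp-content/uploads and wp-content/plugins layout is standard WordPress, while the suffix list and the sample tree it builds are constructed.

```python
import os
import stat
import tempfile
from pathlib import Path

# Suffixes a typical PHP-enabled web server would execute (constructed list).
SCRIPT_SUFFIXES = {".php", ".phtml"}

def writable_by(path, uid=None, gids=None):
    """POSIX mode-bit check; defaults to the current process identity."""
    uid = os.getuid() if uid is None else uid
    gids = {os.getgid(), *os.getgroups()} if gids is None else gids
    st = os.stat(path)
    if st.st_uid == uid:                 # owner bits decide for the owner
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:                # otherwise group bits
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def find_upload_scripts(wp_root):
    """Scripts under wp-content/uploads: what a Write-tab upload would leave."""
    uploads = Path(wp_root) / "wp-content" / "uploads"
    return sorted(str(p.relative_to(wp_root)) for p in uploads.rglob("*")
                  if p.is_file() and p.suffix.lower() in SCRIPT_SUFFIXES)

def find_writable_plugins(wp_root, uid=None, gids=None):
    """Plugin files the web-server account could rewrite via the plugin editor."""
    plugins = Path(wp_root) / "wp-content" / "plugins"
    return sorted(str(p.relative_to(wp_root)) for p in plugins.rglob("*.php")
                  if p.is_file() and writable_by(p, uid, gids))

def build_demo_tree():
    """Constructed fixture: a minimal wp-content with one finding of each kind."""
    root = Path(tempfile.mkdtemp())
    modes = {"wp-content/uploads/2008/05/photo.jpg": 0o644,
             "wp-content/uploads/2008/05/not-an-image.php": 0o644,
             "wp-content/plugins/akismet/akismet.php": 0o444,   # read-only
             "wp-content/plugins/hello.php": 0o666}             # editable
    for rel, mode in modes.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("<?php\n")      # content is irrelevant to the checks
        os.chmod(path, mode)            # explicit, so the umask cannot interfere
    return str(root)

if __name__ == "__main__":
    demo = build_demo_tree()
    print("scripts in uploads:", find_upload_scripts(demo))
    print("writable plugin files:", find_writable_plugins(demo))
```

Run it against a real install by passing the WordPress root and the web-server account's uid and group ids instead of the demo tree.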
