PACKETSTORM:110047
WordPress SB Uploader Shell Upload

2012-02-22 00:00:00
JingoBD
packetstormsecurity.com
`=================================================================  
# Title: WordPress SB Uploader Plugin Shell Upload Vulnerability  
# Author: JingoBD  
# Category: webapps  
# Team: Bangladesh Cyber Army  
# Greetz: Bedu33n,N!1L,Rex0Man & All Member of BCA.  
# http://facebook.com/life.is.code  
# Plugin URI: http://wordpress.org/extend/plugins/sb-uploader/  
# Plugin Description: Allows the simple uploading of images to posts,  
pages, categories and custom post types/taxonomies. Provides  
shortcodes and PHP functions for easy addition to your site.  
# Version: 3.2 (Last Version)  
# Risk : High  
Tested on: Linux (Ubuntu)  
--------------------------------  
-[Exploit]-:  
The plugin's upload panel accepts any file type from any logged-in user and  
stores it in the web-served wp-content/uploads directory, so a registered  
account is enough to place a PHP shell on the server.  
1. Dork: inurl:plugins/sb-uploader  
2. Register an account on the vulnerable site: www.site.com/wp-register.php  
   [N.B.: if public registration is disabled, this exploit does not work]  
3. Confirm your email, then log in.  
4. Add a new post (any title and body). In the right sidebar, open the  
   "SB Uploader" panel and upload a PHP shell as the post image. Then  
   publish the post.  
5. The panel now shows the URL of the uploaded file, e.g.:  
   Existing Post Image URL: /wp/wp-content/uploads/2012/02/img1.php  
   That is the link to your shell.  
---------------------------------  
Thanks to ALLAH, who give me knowledge.  
Long Live Bangladesh  
My team Facebook Group: http://facebook.com/groups/bdcyberarmy  
`