Vendor: Responsive Thumbnail Slider
By: Arash Khazaei
CVSS: 7.5 (HIGH)
Vulnerability Type: Arbitrary File Upload
CWE: N/A
Product Name: Responsive Thumbnail Slider
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Kali, Iceweasel Browser
2015

WordPress Responsive Thumbnail Slider Arbitrary File Upload

The WordPress Responsive Thumbnail Slider plugin has 6000+ active installs and suffers from a file upload vulnerability that allows an attacker to upload a shell disguised as an image. Authors, editors and of course administrators can use this vulnerability to harm the website. To exploit it, go to the add-image section and upload a file with a double image extension (Shell.php.jpg) through the plugin's own uploader; then, using Burp Suite or Tamper Data, change the file name in the request from Shell.php.jpg to Shell.php, and the shell is uploaded.

Mitigation:

No known mitigation available

Exploit-DB raw data:

# Exploit Title: Wordpress Responsive Thumbnail Slider Arbitrary File Upload
# Date: 2015/8/29
# Exploit Author: Arash Khazaei
# Vendor Homepage:
https://wordpress.org/plugins/wp-responsive-thumbnail-slider/
# Software Link:
https://downloads.wordpress.org/plugin/wp-responsive-thumbnail-slider.zip
# Version: 1.0
# Tested on: Kali , Iceweasel Browser
# CVE : N/A
# Contact : http://twitter.com/0xClay
# Email : 0xclay@gmail.com
# Site : http://bhunter.ir

# Introduction :

# Wordpress Responsive Thumbnail Slider Plugin Has 6000+ Active Installs
# And Suffers From A File Upload Vulnerability Allowing An Attacker To Upload A Shell
# As An Image .
# Authors , Editors And Of Course Administrators Can Use This Vulnerability To Harm
# WebSite .

# POC :

# For Exploiting This Vulnerability :

# Go To Add Image Section And Upload File By Self Plugin Uploader
# Then Upload File With Double Extension Image
# And By Using A BurpSuite Or Tamper Data Change The File Name From
# Shell.php.jpg To Shell.php
# And Shell Is Uploaded . :)



<!-- Discovered By Arash Khazaei (Aka JunkyBoy) -->
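
The summary above and the POC in the raw data describe the same weakness: the uploader trusts the file name the browser sends, so a name rewritten in a proxy from Shell.php.jpg to Shell.php is stored as a PHP file. The following PHP is an added example, not code from the plugin or from the advisory author, and the plugin's real upload code is not on this page. It contrasts a handler modelled on that behaviour (keep the client-supplied name, no server-side check) with a hardened handler that decides from the last extension and the file bytes and then generates its own file name. The directory constant, function names and sample inputs are assumptions constructed for the demo.

```php
<?php
declare(strict_types=1);

// Added example, not the plugin's code. UPLOAD_DIR, the handler names and the
// sample files below are assumptions made for this demo.

const UPLOAD_DIR = '/tmp/slider-uploads-demo';
const ALLOWED_IMAGES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

/** Weak: stores the file under whatever name the request carried, unchecked. */
function weak_store(string $client_name, string $tmp_path): string
{
    // basename() stops directory traversal but does nothing about the extension,
    // so a name tampered to Shell.php lands on disk as Shell.php.
    $dest = UPLOAD_DIR . '/' . basename($client_name);
    copy($tmp_path, $dest);
    return $dest;
}

/** Hardened: returns the stored path, or null when the upload is rejected. */
function hardened_store(string $client_name, string $tmp_path): ?string
{
    // Only the final extension counts: "Shell.php.jpg" -> "jpg", "Shell.php" -> "php".
    $ext = strtolower(pathinfo($client_name, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_IMAGES[$ext])) {
        return null;
    }
    // The bytes must parse as the claimed image type; a bare PHP script does not.
    // A valid image with a script appended still parses, which is why the rename
    // below and a no-execute rule on the upload directory are needed as well.
    $info = @getimagesize($tmp_path);
    if ($info === false || $info['mime'] !== ALLOWED_IMAGES[$ext]) {
        return null;
    }
    // Never reuse the client name; generate one with the allow-listed extension.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    copy($tmp_path, $dest);
    return $dest;
}

// --- demo with constructed inputs -------------------------------------------
if (!is_dir(UPLOAD_DIR)) {
    mkdir(UPLOAD_DIR, 0700, true);
}

// A script body arriving under the tampered name from the advisory (constructed).
$script = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($script, "<?php echo 'not an image'; ?>");

// A real 1x1 GIF (constructed), arriving under a plain image name.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));

echo 'weak     Shell.php -> ', weak_store('Shell.php', $script), PHP_EOL;
echo 'hardened Shell.php -> ', var_export(hardened_store('Shell.php', $script), true), PHP_EOL;
echo 'hardened photo.gif -> ', var_export(hardened_store('photo.gif', $gif), true), PHP_EOL;
echo 'hardened x.php.gif -> ', var_export(hardened_store('x.php.gif', $script), true), PHP_EOL;
```

Run it with `php upload_demo.php`. The weak handler writes Shell.php into the upload directory; the hardened handler rejects both the tampered name (extension not allow-listed) and a script carrying a double extension (bytes are not a GIF), and accepts the real GIF only under a freshly generated name. In a WordPress plugin the same checks are available through `wp_check_filetype_and_ext()` and `wp_handle_upload()` rather than hand-rolled code; the point the example makes is that the decision must be taken on the server from the final extension and the content, never from the name the browser claims.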