header-logo
Suggest Exploit
vendor:
Responsive Thumbnail Slider
by:
Arash Khazaei
7,5
CVSS
HIGH
Arbitrary File Upload
N/A
CWE
Product Name: Responsive Thumbnail Slider
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Kali, Iceweasel Browser
2015

WordPress Responsive Thumbnail Slider Arbitrary File Upload

Wordpress Responsive Thumbnail Slider Plugin is a with 6000+ active install and suffer from a file upload vulnerability allow attacker upload shell as a image. Authors, editors and of course administrators this vulnerability to harm website. For exploiting this vulnerability, go to add image section and upload file by self plugin uploader then upload file with double extension image and by using a BurpSuite or Tamper Data change the file name from Shell.php.jpg to Shell.php and shell is uploaded.

Mitigation:

No known mitigation available
Source

Exploit-DB raw data:

# Exploit Title: Wordpress Responsive Thumbnail Slider Arbitrary File Upload
# Date: 2015/8/29
# Exploit Author: Arash Khazaei
# Vendor Homepage:
https://wordpress.org/plugins/wp-responsive-thumbnail-slider/
# Software Link:
https://downloads.wordpress.org/plugin/wp-responsive-thumbnail-slider.zip
# Version: 1.0
# Tested on: Kali , Iceweasel Browser
# CVE : N/A
# Contact : http://twitter.com/0xClay
# Email : 0xclay@gmail.com
# Site : http://bhunter.ir

# Intrduction :

# Wordpress Responsive Thumbnail Slider Plugin iS A With 6000+ Active
Install
# And Suffer From A File Upload Vulnerability Allow Attacker Upload Shell
As A Image .
# Authors , Editors And Of Course Administrators This Vulnerability To Harm
WebSite .

# POC :

# For Exploiting This Vulnerability :

# Go To Add Image Section And Upload File By Self Plugin Uploader
# Then Upload File With Double Extension Image
# And By Using A BurpSuite Or Tamper Data Change The File Name From
Shell.php.jpg To Shell.php
# And Shell Is Uploaded . :)



<!-- Discovered By Arash Khazaei (Aka JunkyBoy) -->

Navigation

Suggest Exploit

Services By CQR