WordPress OptimizePress插件任意文件上传漏洞

漏洞版本:

WordPress OptimizePress Plugin 1.x

漏洞描述:

WordPress是一种使用PHP语言开发的博客平台,用户可以在支持PHP和MySQL数据库的服务器上架设自己的网志。

'/wp-content/themes/OptimizePress/lib/admin/media-upload.php'不正确校验用户提交的上传文件扩展,允许远程攻击者利用漏洞提交恶意文件,并以WEB权限执行。
<* 参考
http://www.osirt.com/2013/11/wordpress-optimizepress-hack-file-upload-vulnerability 
http://help.optimizepress.com/customer/portal/articles/1381790-important-optimizepress-1-0-security-update
http://sebug.net/appdir/WordPress
*>

测试方法:

本站提供程序(方法)可能带有攻击性,仅供安全研究与教学之用,风险自负!
  1. #############################################################################
  2. # Exploit Title: WordPress OptimizePress Themes File Upload Vulnerability #
  3. # Author: Eagle Eye #
  4. # Date: 21/11/2013 #
  5. # Themes Link: http://www.optimizepress.com/ #
  6. # Infected File: lib/admin/media-upload.php #
  7. # Category: webapps #
  8. # Google dork: inurl:/wp-content/themes/OptimizePress/ #
  9. # inurl:/wp-content/uploads/optpress/ #
  10. # Tested on : Windows/Linux #
  11. #############################################################################
  12. # #
  13. #Exploit #
  14. # #
  15. #- Upload your shell #
  16. # #
  17. #http://127.0.0.1/wp-content/themes/OptimizePress/lib/admin/media-upload.php#
  18. # #
  19. #- Your shell is here #
  20. # #
  21. #http://127.0.0.1/wp-content/uploads/optpress/images_comingsoon/ #
  22. # #
  23. #.:: United of Muslim Cyber Army ::. #
  24. # #
  25. #############################################################################

安全建议:

厂商补丁:

WordPress
-----
WordPress OptimizePress Plugin 1.6已经修复该漏洞,请到厂商的主页下载:

http://help.optimizepress.com
posted @ 2013-12-17 22:55  夏虫xm  阅读(603)  评论(0编辑  收藏  举报