Wordpress Better-wp-security Plugin Remote Code Execution

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1041174 漏洞类型
发布时间 2015-09-30 更新时间 2015-09-30
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2015090197
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
 | [+] Exploit Title: Wordpress Better-wp-security  Plugin Remote Code Execution
 | [+] Exploit Author: Tonel Team
 | [+] Vendor Homepage : https://wordpress.org/plugins/better-wp-security/
 | [+] Download Link : https://downloads.wordpress.org/plugin/better-wp-security.4.6.12.zip
 | [+] Tested on: Kali/lceweasel
 | [+] Date : 2015-09-30
 | [+] Version : 4.6.12
 | [+] Google Dork : inurl:wp-content/plugins/better-wp-security
 | [+] Discovered By : Zeus_Syborg
 |-------------------------------------------------------------------------|
 | [+] Exploit: |
 | [+] Location : http://site.com/wp-content/plugins/better-wp-security/better-wp-security.php
 | [+] Vulnerability is also triggered in: http://site.com/wp-content/plugins/better-wp-security/core/class-itsec-core.php
 | [+] Screenshot : http://s6.picofile.com/file/8214838076/Screenshot_from_2015_04_03_012110_e1427980993309.png


public function admin_tooltip_ajax() {

                        global $itsec_globals;

                        if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce(
sanitize_text_field( $_POST['nonce'] ), 'itsec_tooltip_nonce' ) ) {
                                die ();
                        }

                        if ( sanitize_text_field( $_POST['module'] ) == 'close' ) {

                                $data                       = $itsec_globals['data'];
                                $data['tooltips_dismissed'] = true;
                                update_site_option( 'itsec_data', $data );

                        } else {

                                call_user_func_array( $this->tooltip_modules[ sanitize_text_field(
$_POST['module'] ) ]['callback'], array() );

                        }

                        die(); // this is required to return a proper result

                }

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+]Soecial Tnx:All Of Members Tonel Team                          [+]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]