module
WordPress Crop-image Shell Upload
| Disclosed | Created |
|---|---|
| 2019-02-19 | 2019-04-22 |
Disclosed
2019-02-19
Created
2019-04-22
Description
This module exploits a path traversal and a local file inclusion
vulnerability on WordPress versions 5.0.0 and
The crop-image function allows a user, with at least author privileges,
to resize an image and perform a path traversal by changing the _wp_attached_file
reference during the upload. The second part of the exploit will include
this image in the current theme by changing the _wp_page_template attribute
when creating a post.
This exploit module only works for Unix-based systems currently.
vulnerability on WordPress versions 5.0.0 and
The crop-image function allows a user, with at least author privileges,
to resize an image and perform a path traversal by changing the _wp_attached_file
reference during the upload. The second part of the exploit will include
this image in the current theme by changing the _wp_page_template attribute
when creating a post.
This exploit module only works for Unix-based systems currently.
Authors
RIPSTECH Technology
Wilfried Becard wilfried.becard@synacktiv.com
Wilfried Becard wilfried.becard@synacktiv.com
Platform
PHP
Architectures
php
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.