module
Wordpress Plugin SP Project and Document - Authenticated Remote Code Execution
| Disclosed | Created |
|---|---|
| 2021-06-14 | 2021-07-24 |
Disclosed
2021-06-14
Created
2021-07-24
Description
This module allows an attacker with a privileged Wordpress account to launch a reverse shell
due to an arbitrary file upload vulnerability in Wordpress plugin SP Project & Document
The security check only searches for lowercase file extensions such as `.php`, making it possible to upload `.pHP` files for instance.
Finally, the uploaded payload can be triggered by a call to `/wp-content/uploads/sp-client-document-manager//.php`
due to an arbitrary file upload vulnerability in Wordpress plugin SP Project & Document
The security check only searches for lowercase file extensions such as `.php`, making it possible to upload `.pHP` files for instance.
Finally, the uploaded payload can be triggered by a call to `/wp-content/uploads/sp-client-document-manager//.php`
Authors
Ron Jost
Yann Castel (yann.castel Yann Castel (yann.castel@orange.com)
Yann Castel (yann.castel Yann Castel (yann.castel@orange.com)
Platform
PHP
Architectures
php
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.