module
WordPress Backup Migration Plugin PHP Filter Chain RCE
| Disclosed |
|---|
| Dec 11, 2023 |
Description
This module exploits an unauthenticated RCE in the WordPress plugin: Backup Migration ( exploitable through the Content-Dir header, which is sent to the /wp-content/plugins/backup-backup/includes/backup-heart.php endpoint.
The exploit makes use of a neat technique called PHP Filter Chaining which allows an attacker to prepend
bytes to a string by continuously chaining character encoding conversions. This allows an attacker to prepend
a PHP payload to a string which gets evaluated by a require statement, which results in command execution.
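
A defender-side check for the request pattern described above, as an added example that is not part of the module or the original page: it flags requests to the backup-heart.php endpoint whose Content-Dir header carries a PHP stream wrapper or chained `convert.*` filters. The JSON-lines log format, its field names (`src`, `path`, `headers`) and the sample records are constructed assumptions.

```python
import json
import re

# Endpoint and header named in the module description above.
ENDPOINT = "/wp-content/plugins/backup-backup/includes/backup-heart.php"
HEADER = "content-dir"

# A directory header has no reason to carry a PHP stream wrapper.
WRAPPER_RE = re.compile(r"\b(?:php|data|phar|expect|zip)://", re.I)
# Each chained encoding conversion shows up as one convert.* filter name.
FILTER_RE = re.compile(r"convert\.(?:iconv|base64-(?:en|de)code)", re.I)

# Constructed sample records; assumes a proxy/WAF log that captures request
# headers as JSON lines (field names "src", "path", "headers" are hypothetical).
SAMPLE_LOG = """\
{"src": "198.51.100.7", "path": "/wp-login.php", "headers": {}}
{"src": "198.51.100.7", "path": "/wp-content/plugins/backup-backup/includes/backup-heart.php", "headers": {"Content-Dir": "/var/www/html/wp-content/backups"}}
{"src": "203.0.113.9", "path": "/wp-content/plugins/backup-backup/includes/backup-heart.php?x=1", "headers": {"content-dir": "php://filter/convert.iconv.UTF8.UTF16|convert.iconv.UTF16.UTF8|convert.base64-decode/resource=..."}}
"""


def classify(record):
    """Return None for unrelated requests, else (verdict, filter_count)."""
    path = record.get("path", "").split("?", 1)[0]
    if not path.endswith(ENDPOINT):
        return None
    # HTTP header names are case-insensitive, so normalise before lookup.
    headers = {k.lower(): v for k, v in record.get("headers", {}).items()}
    value = headers.get(HEADER, "")
    hops = len(FILTER_RE.findall(value))
    if WRAPPER_RE.search(value) or hops:
        return ("alert", hops)
    return ("ok", hops)


def scan(log_text):
    """Return [(source, verdict, filter_count)] for requests to the endpoint."""
    findings = []
    for line in log_text.splitlines():
        record = json.loads(line)
        result = classify(record)
        if result:
            findings.append((record.get("src"), *result))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Standard web server access logs usually do not record custom request headers, so this check needs a log source that does, such as a reverse proxy or WAF configured to capture Content-Dir.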