Home of WhiteHat CyberArmy


 WordPress OptimizePress hack (file upload vulnerability)


Post subject: WordPress OptimizePress hack (file upload vulnerability) (Thu Apr 24, 2014 10:40 am)

Dork : inurl:/wp-content/themes/OptimizePress/lib/admin/media-upload.php
Exploit : localhost/path/wp-content/themes/OptimizePress/lib/admin/media-upload.php/

Thousands of WordPress sites are at risk of being hacked using a newly-discovered vulnerability in the popular OptimizePress theme. We tried to find an official announcement of this vulnerability, but the search only turned up a PasteBin post from Nov. 23 that has since been removed. However, the Google cache is still there as of now (included at the end of this post). It shows the details of the vulnerability, which is very simple – you can exploit it with a browser. The problem is in this file: wp-content/themes/OptimizePress/lib/admin/media-upload.php. You can simply browse directly to that file, yielding a page like this:


The hacker simply has to choose a PHP file using the “Upload New Image” section and upload it.  The page then lists it, like this:


Your files are located here: Site.com/wp-content/uploads/optpress/images_comingsoon/fileshere.php
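For site owners, the two paths named in the post give a concrete check: whether the theme's uploader file is present, and whether anything under the optpress uploads folder is a script rather than an image. The following is an added example, not part of the original post; the extension list, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import sys
import tempfile
from pathlib import Path

# Paths from the post above, relative to the WordPress root.
UPLOADER = Path("wp-content/themes/OptimizePress/lib/admin/media-upload.php")
UPLOAD_DIR = Path("wp-content/uploads/optpress")
# Assumption: extensions a PHP handler mapping commonly executes.
SCRIPT_EXTS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar"}


def audit(wp_root):
    """Return (uploader_present, sorted [(relative_path, reason), ...])."""
    root = Path(wp_root)
    findings = []
    for dirpath, _dirs, files in os.walk(root / UPLOAD_DIR):
        for name in files:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            # Look at every suffix so a name like "x.php.jpg" is caught too.
            if {s.lower() for s in path.suffixes} & SCRIPT_EXTS:
                findings.append((rel, "script extension"))
            elif b"<?php" in path.read_bytes():
                # Image-named file that carries PHP source.
                findings.append((rel, "PHP tag in content"))
    return (root / UPLOADER).is_file(), sorted(findings)


def build_sample_tree(wp_root):
    """Create a constructed sample site (inert placeholder contents)."""
    root = Path(wp_root)
    images = root / UPLOAD_DIR / "images_comingsoon"
    images.mkdir(parents=True)
    (root / UPLOADER).parent.mkdir(parents=True)
    (root / UPLOADER).write_bytes(b"placeholder for the theme's uploader")
    (images / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
    (images / "fileshere.php").write_bytes(b"placeholder, constructed")
    (images / "banner.jpg").write_bytes(b"\xff\xd8\xff\xe0<?php /* constructed */")


if __name__ == "__main__":
    # Audit the WordPress root given as an argument, else a constructed sample.
    target = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) == 1:
        build_sample_tree(target)
    present, hits = audit(target)
    print("uploader present:", present)
    for rel, reason in hits:
        print(f"{reason}: {rel}")
```

Any finding under the uploads folder warrants inspecting the file and the web server's access logs for requests to the uploader path; a clean result does not rule out files placed elsewhere on the site.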