Home of Ethical WhiteHat CyberArmy
 WordPress OptimizePress hack (file upload vulnerability)

W-P
Admin
Post subject: WordPress OptimizePress hack (file upload vulnerability)
Posted: Thu Apr 24, 2014 10:40 am

Dork : inurl:/wp-content/themes/OptimizePress/lib/admin/media-upload.php
Exploit : localhost/path/wp-content/themes/OptimizePress/lib/admin/media-upload.php/


Thousands of WordPress sites are at risk of being hacked using a newly-discovered vulnerability in the popular OptimizePress theme. We tried to find an official announcement of this vulnerability, but the search only turned up a PasteBin post from Nov. 23 that has since been removed. However, the Google cache is still there as of now (included at the end of this post). It shows the details of the vulnerability, which is very simple – you can exploit it with a browser.

The problem is in this file: wp-content/themes/OptimizePress/lib/admin/media-upload.php. You can simply browse directly to that file, yielding a page like this:

[Screenshot not included]

The hacker simply has to choose a PHP file using the “Upload New Image” section and upload it.  The page then lists it, like this:

[Screenshot not included]

Your files are located here: Site.com/wp-content/uploads/optpress/images_comingsoon/fileshere.php
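
For site owners, a log check for the access pattern described above, as an added example that is not part of the original post or of the theme's code: it flags requests to the theme's media-upload.php and requests for script files under the optpress upload directory. The combined log format, the list of script extensions, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Paths come from the post; compared in lower case because some servers ignore case.
UPLOADER = "/wp-content/themes/optimizepress/lib/admin/media-upload.php"
UPLOAD_DIR = "/wp-content/uploads/optpress/"
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(/|$)")  # assumed executable extensions
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

SAMPLE = [  # constructed log lines using documentation IP ranges
    '192.0.2.10 - - [24/Apr/2014:10:40:01 +0000] "GET /wp-content/themes/OptimizePress/lib/admin/media-upload.php/ HTTP/1.1" 200 5120',
    '192.0.2.10 - - [24/Apr/2014:10:40:09 +0000] "POST /wp-content/themes/OptimizePress/lib/admin/media-upload.php HTTP/1.1" 200 5230',
    '192.0.2.10 - - [24/Apr/2014:10:40:15 +0000] "GET /wp-content/uploads/optpress/images_comingsoon/x.php HTTP/1.1" 200 312',
    '198.51.100.7 - - [24/Apr/2014:11:02:44 +0000] "GET /wp-content/uploads/optpress/images_comingsoon/logo.png HTTP/1.1" 200 9001',
    '198.51.100.7 - - [24/Apr/2014:11:03:02 +0000] "GET /wp-content/uploads/optpress/images_comingsoon/a.PHP HTTP/1.1" 404 0',
]

def classify(line):
    """Return (ip, finding) for one combined-format log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, target, status = m.groups()
    path = unquote(urlsplit(target).path).lower()
    if path.startswith(UPLOADER):  # also covers the trailing-slash form of the URL
        return ip, ("upload-post" if method == "POST" else "uploader-probe")
    if path.startswith(UPLOAD_DIR) and SCRIPT_EXT.search(path):
        return ip, ("script-hit" if status.startswith("2") else "script-miss")
    return None

def scan(lines):
    """Group findings per client; mark clients that posted to the uploader and then got a script served."""
    findings, compromised = {}, set()
    for line in lines:
        hit = classify(line)
        if hit is None:
            continue
        ip, kind = hit
        findings.setdefault(ip, []).append(kind)
        if kind == "script-hit" and "upload-post" in findings[ip]:
            compromised.add(ip)
    return findings, compromised

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Any `script-hit` is worth investigating on its own, since an image upload directory should never serve PHP; the per-client correlation only ranks which entries to look at first.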