Home of WhiteHat CyberArmy
 
HomeFAQSearchMemberlistUsergroupsRegisterLog in

Share | 
 

 WordPress OptimizePress hack (file upload vulnerability)

Go down 
AuthorMessage
W-P
Admin
avatar

Posts : 80
Join date : 2013-11-12
Age : 32
Location : Cyber World

PostSubject: WordPress OptimizePress hack (file upload vulnerability)   Thu Apr 24, 2014 10:40 am

Dork : inurl:/wp-content/themes/OptimizePress/lib/admin/media-upload.php
Exploit : localhost/path/wp-content/themes/OptimizePress/lib/admin/media-upload.php/


Thousands of WordPress sites are at risk of being hacked using a newly-discovered vulnerability in the popular OptimizePress theme.  We tried to find an official announcement of this vulnerability, but the search only turned up a PasteBin post from Nov. 23 that has since been removed.  However, the Google cache is still there as of now (included at the end of this post).  It shows the details of the vulnerability, which is very simple – you can exploit it with a browser.  The problem is in this file: wp-content/themes/OptimizePress/lib/admin/media-upload.php .  You can simply browse directly to that file, yielding a page like this:

[You must be registered and logged in to see this image.]

The hacker simply has to choose a PHP file using the “Upload New Image” section and upload it.  The page then lists it, like this:

[You must be registered and logged in to see this image.]

Your files located here : Site.com/wp-content/uploads/optpress/images_comingsoon/fileshere.php
Back to top Go down
View user profile http://whitehatcyberarmy.forumotion.com
 
WordPress OptimizePress hack (file upload vulnerability)
Back to top 
Page 1 of 1
 Similar topics
-
» upload imege
» ChessPad: A PGN file generator
» Upload Games from Fritz Gui
» Photobucket Problems
» Broken Sword 2.5 to Release in English

Permissions in this forum:You cannot reply to topics in this forum
Home of Ethical WhiteHat CyberArmy :: WhiteHat CyberArmy Community :: Exploits and Vulnerabilities-
Jump to: