
Today I release a simple exploit as a PoC for the 5 advisories. These were discovered by Larry W Cashdollar. The exploit goes through the following phases:

  • It checks that the plugin exists.
  • If it does, it generates a webshell and uploads it to the server.
  • The plugin renames shells to an MD5 hash; the PoC confirms this by filtering for it in the response body.
  • It runs a command against the victim/target to confirm that the exploit actually succeeded.
  • It then provides you with the URL to run further custom commands.

Remote file upload vulnerability in WordPress Plugin Mobile App Native 3.0

To understand the thought process behind turning this CVE into a working exploit, read the write-up online here. The exploit can be found on GitHub.

You may also read about the path to automation of web attacks, where the attack above is used as an example; this can be found on SlideShare.

It was also identified that this attack covers 5 plugins (and their CVEs) that use unlicensed software from Invedion, and the exploit was updated to exploit all of them. They are listed below:

1. Zen App Mobile Native <=3.0 (CVE-2017-6104)
2. WordPress Plugin webapp-builder v2.0 (CVE-2017-1002002)
3. WordPress Plugin wp2android-turn-wp-site-into-android-app v1.1.4 (CVE-2017-1002003)
4. WordPress Plugin mobile-app-builder-by-wappress v1.05 (CVE-2017-1002001)
5. WordPress Plugin mobile-friendly-app-builder-by-easytouch v3.0 (CVE-2017-1002000)
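
The phases described above leave a recognisable trace in a web server access log: a successful POST into one of the listed plugin directories, followed by a request for a PHP file whose name is an MD5-style hash. The detection script below is an added example, not code from the original post or the PoC; it assumes Combined Log Format, the standard `/wp-content/plugins/<slug>/` layout with the plugin names above as directory slugs, and uses constructed log lines with placeholder paths.

```python
import re

# Plugin directory slugs as named in the list above. Zen App Mobile Native is
# left out because the page does not give its directory name.
PLUGIN_SLUGS = (
    "webapp-builder",
    "wp2android-turn-wp-site-into-android-app",
    "mobile-app-builder-by-wappress",
    "mobile-friendly-app-builder-by-easytouch",
)
# Combined Log Format: ip ident user [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
PLUGIN_RE = re.compile(
    r"/wp-content/plugins/(%s)/" % "|".join(map(re.escape, PLUGIN_SLUGS)))
# File whose name is 32 hex digits (MD5-style) with a PHP extension.
MD5_PHP_RE = re.compile(r"/([0-9a-f]{32})\.(?:php\d?|phtml)(?:\?|$)", re.I)

def find_upload_abuse(lines):
    """Return (line_no, client, kind, detail) tuples for suspicious requests."""
    posters = set()   # clients that already POSTed into a listed plugin
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m or not m.group(4).startswith("2"):
            continue  # unparsable line or request that did not succeed
        ip, method, path, _ = m.groups()
        plugin, md5 = PLUGIN_RE.search(path), MD5_PHP_RE.search(path)
        if method == "POST" and plugin:
            posters.add(ip)
            findings.append((n, ip, "plugin-post", plugin.group(1)))
        elif md5:
            # Higher confidence when the same client POSTed to the plugin first.
            kind = "shell-access" if ip in posters else "md5-php-request"
            findings.append((n, ip, kind, md5.group(1).lower()))
    return findings

# Constructed sample log; paths below the plugin directory are placeholders.
SAMPLE_LOG = [
    '198.51.100.20 - - [01/Mar/2017:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Mar/2017:10:00:05 +0000] "POST /wp-content/plugins/webapp-builder/PLACEHOLDER.php HTTP/1.1" 200 64',
    '203.0.113.7 - - [01/Mar/2017:10:00:06 +0000] "GET /PLACEHOLDER/d41d8cd98f00b204e9800998ecf8427e.php?q=1 HTTP/1.1" 200 33',
    '198.51.100.20 - - [01/Mar/2017:10:00:09 +0000] "GET /PLACEHOLDER/0cc175b9c0f1b6a831c399e269772661.php HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for finding in find_upload_abuse(SAMPLE_LOG):
        print(finding)
```

A `plugin-post` followed by a `shell-access` from the same client is the strongest signal; an isolated `md5-php-request` is worth checking against the files actually present on disk.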

The WordPress Vulnerability Database entries for the same:

This is listed in the following places:

https://www.exploit-db.com/exploits/41540/

https://cxsecurity.com/issue/WLB-2017030065

http://www.expku.com/web/6353.html

http://seclists.org/oss-sec/2017/q1/560
