WordPress Responsive Thumbnail Slider 1.0 - Authenticated Shell Upload & CSRFSign up to our free email alerts service for instant vulnerability notifications!
The original advisory states that this vulnerability is exploitable with editor and author roles but this is incorrect. Only the administrator role by default can trigger this vulnerability. However, CSRF on the image upload form makes this exploitable by a malicious actor.
|Proof of Concept||
Create a file names shell.php.jpg with PHP. Intercept the request and change the file name to shell.php. File was uploaded to http://www.example.com/wp-content/uploads/wp-responsive-images-thumbnail-slider/96b64029012ad7ca3a368fba667938cd.php
|Publicly Published||2015-08-31 (about 1 year ago)|
|Added||2015-09-02 (about 1 year ago)|
|Last Updated||2015-09-02 (about 1 year ago)|
Copyright & License
|Copyright||All data and resources contained within this page and this web site is Copyright © The WPScan Team.|
|License||Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.|