Ashiyane DST Discover WordPress Userpro Remote File Upload Bug

8 years ago

Userpro Wordpress Userpro Remote File Upload

Security researchers at Iranian team Ashiyane Digital Security Team have discover remote file upload vulnerability in Wordpress -Google Dork: inurl:/wp-content/plugins/userpro/- Vulnerability risk is rated as high by cxsecurity.com

This module -requires using Metasploit- exploits an arbitrary PHP code upload in the wordpress Ifileupload plugin The vulnerability allows for unauthorization file upload and remote code execution.

Link: https://cxsecurity.com/issue/WLB-2016100199

Exploit is make by: T3rm!nat0r5

All vulns find by Ashiyane: https://cxsecurity.com/search/author/DESC/AND/FIND/0/10/Ashiyane+Digital+Security+Team/

T3rm!nat0r5 contact: [email protected]
Ashiyane home: http://ashiyane.org/

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *