
WordPress WPtouch Mobile Plugin File Upload Vulnerability

August 26, 2014 | Posted in ExploitAlert

WordPress WPtouch Mobile Plugin File Upload Vulnerability
=====================================================



Found by : k4L0ng666 (k4L0ng666@indonesiancoder.com)
Submitted by : Don Tukulesto (root@indonesiancoder.com)
Homepage : http://indonesiancoder.com
Published : August 26, 2014
Tested On : OS X 10.9.4
=====================================================

==================| Software Info |==================

[>] Download : http://downloads.wordpress.org/plugin/wptouch.3.4.5.zip
[>] Software : WPtouch Mobile Plugin - WordPress Plugin
[>] Plugin Version : 3.4.5
[>] Vulnerability : File upload



I. Proof of Concept
=====================================================
The uploader accepts any .php code; once uploaded, the backdoor can be found at /wp-content/wptouch-data/




II. Vendor patch
=====================================================
The vendor currently provides no patch or upgrade,
because this is the newest version. \m/
=====================================================

WE ARE ONE UNITY, WE ARE A CODER FAMILY AND WE ARE INDONESIAN CODER


[>] Malang Cyber Crew ~ Magelang Cyber ~ Exploit-ID ~ Kill-9 Crew ~ Jatimcom


“People should not be afraid of their governments. Governments should be afraid of their people.” -V


“Knowledge, like air, is vital to life. Like air, no one should be denied it.”

~(^_^)~
=====================================================
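
On a site running the affected plugin version, the upload location named in the Proof of Concept can be audited for PHP content. The script below is an added example, not part of the original advisory; it assumes the WordPress root is passed as the first argument, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the WPtouch data directory named in the advisory
# for files a web server could run as PHP.
# Assumption: $1 is the WordPress root directory (not stated in the advisory).

# Print, one per line and without duplicates, every file under
# <wp_root>/wp-content/wptouch-data that looks like PHP by name or content.
scan_wptouch_data() {
    data_dir="$1/wp-content/wptouch-data"
    [ -d "$data_dir" ] || return 0
    {
        # Name check: extensions commonly mapped to the PHP handler, plus
        # double extensions (x.php.jpg) that some handler setups still run.
        find "$data_dir" -type f \( \
            -iname '*.php' -o -iname '*.php[0-9]' -o -iname '*.phtml' \
            -o -iname '*.phar' -o -iname '*.pht' -o -iname '*.php.*' \
            \) -print
        # Content check: a PHP open tag in any file, whatever its
        # extension (for example PHP appended to an image).
        find "$data_dir" -type f -exec grep -l -i -F -e '<?php' {} +
    } | sort -u
}

# Return 0 when the directory is clean, 1 (with a report on stderr) when
# PHP content is present, so the check can run from cron or a CI job.
audit_wptouch_data() {
    hits=$(scan_wptouch_data "$1")
    [ -z "$hits" ] && return 0
    printf 'PHP content under wp-content/wptouch-data:\n%s\n' "$hits" >&2
    return 1
}
```

Typical use is `audit_wptouch_data /var/www/html` after sourcing the file, where the path is a placeholder for the site's own WordPress root.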
