A quick POC for CVE-2018-9206.
This exploit will attempt to find one of the three common variations of the software and upload a simple PHP shell.
I've done some testing against the 1000 forks of the original code and it seems only 36 were not vulnerable. I found these only required a slight tweak to my exploit to get the majority of them working.
Results are in the file test_results.txt.
Special Thanks to Phackt, @phackt_ul. He refactored the exploit code and added the docker testing environment.
For testing purpose (will create an Apache/PHP docker container with vuln versions of the plugin):
You can examine the docker container with:
root # docker run -it vuln bash