Add script for detecting and exploiting vulnerability in Wordpress CM Do... #38
Following script detects & exploits CVE-2014-8877 vulnerability in Wordpress CM Download Manager plugin
Vulnerability allows to inject arbitrary PHP code via CMDsearch param. The script simply injects system() function with OS shell command of choice (provided as script's parameter) as an argument.
Preparing testing environment
To prepare local testing environment following steps should be performed:
Running the script
Running the script:
Where 'cmd' parameter is shell command for execution and 'uri' is path to your Wordpress installation.
@mzet- Sorry for the delay in reviewing this. Unfortunately, it has false positive problems. If the page requested echoes the request URI at all, then the check will be true, since the check is a simple echo function. Here are the changes I would like to see before we could include this:
I've finally found some time to incorporate your feedback: