add piwik superuser plugin upload module #7917
This PR adds a module to upload a generated plugin to an piwik installation after you grabbed superuser credentials. This way you can turn superuser credentials into a remote code execution. The plugin also tries to enable the
Tested with Piwik 2.14.0, 2.16.0, 2.17.1 and 3.0.1 (you can get older versions from https://builds.piwik.org/)
To install on debian as root:
After the install browse to
Be sure to also deactivate the
To test other piwik versions too:
Had some oddities but I think its due to my own configuration of running virtualbox and the portforwarding.
for completeness, i used a bind shell, and Ubuntu 14.04.