Wordpress WPtouch Mobile Plugin File Upload Vulnerability
=================================
====================
______ ___/ / / / /
/ / /___ ____ ___/__ / / ____ ____ _______ ____ ___/ /
: / / / \/__ \/ / / / \/ \/ \/ / \/ \/ /
| / / / / / / / / / / / / / /__/ / /__/ / / / /
--X-- / / / / / / / / / / / / / / / /__ / __/ / /
|\____/__/__/\____/\____/__/__/__/\____/__/ /__/ / /\____/\____/
: ____ \____/:
/ \____ ____ ____ ____ ____ |
/ / / \/ \/ \/ \/ --X--
Don Tukulesto / / /__/ /__/ / / /__/ /__/|
/ / / / / / / __/__ /__ / :
/__/__/\____/\____/\____/ / / / /
www.indonesiancoder.com\____/\____/
73 78 68 79 78 69 83 73 65 78 67 79 68 69 82
Found by : k4L0ng666 (k4L0ng666@indonesiancoder.com)
Submited by : Don Tukulesto (root@indonesiancoder.com)
Homepage : http://indonesiancoder.com
Published : August 26, 2014
Tested On : OS X 10.9.4
=================================
====================
==================
| Software Info |==================
[>] Download : http://downloads.wordpress.org/plugin/wptouch.3.4.5.zip
[>] Software : WPtouch Mobile Plugin - Wordpress Plugin
[>] Plugin Version : 3.4.5
[>] Vulnerability : File upload
I. Proof of Concept
=================================
====================
You can execute any .php code into uploader, then you can find the backdoor at /wp-content/wptouch-data/
See Image below
II. Vendor patch
=================================
====================
Currently manufacturers do not provide patches or upgrades.
Because it’s the new version. \m/
=================================
====================
WE ARE ONE UNITY, WE ARE A CODER FAMILY AND WE ARE INDONESIAN CODER
[>] Malang Cyber Crew ~ Magelang Cyber ~ Exploit-ID ~ Kill-9 Crew ~ Jatimcom
“People should not be afraid of their governments. Goverments should be afraid of their people.” -V
“Knowledge, like air, is vital to life. Like air, no one should be denied it.”
~(^_^)~
=================================
====================