From b816dd569c82bd2388bc8e67e9ef2f018c05ddd0 Mon Sep 17 00:00:00 2001 From: jvazquez-r7 Date: Wed, 24 Apr 2013 17:34:25 -0500 Subject: [PATCH] Update description --- .../exploits/unix/webapp/php_wordpress_total_cache.rb | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/modules/exploits/unix/webapp/php_wordpress_total_cache.rb b/modules/exploits/unix/webapp/php_wordpress_total_cache.rb index 507d53069e..97edf9f678 100644 --- a/modules/exploits/unix/webapp/php_wordpress_total_cache.rb +++ b/modules/exploits/unix/webapp/php_wordpress_total_cache.rb @@ -19,10 +19,12 @@ class Metasploit3 < Msf::Exploit::Remote This module exploits a PHP Code Injection vulnerability on the W3 Total Cache wordpress plugin up to and including 0.9.2.8 version. The exploit is due to the handle of some special macros, such as mfunc, which allow to inject arbitrary PHP - code. A valid post id where publish the malicious comment must be provided. Also - credentials if anonymous comments are allowed. Finally, comments shouldn't be - moderated in order finish the exploitation successfully. This module has been tested - against Wordpress 3.5 and W3 Total Cache 0.9.2.3 on a Ubuntu 10.04 system. + code. A valid post id where publish the malicious comment is needed. The user can + provide it with the POSTID option, otherwise a valid one will try to be brute + forced. Also, if anonymous comments aren't allowed, valid credentials must be + provided. Finally, comments shouldn't be moderated in order finish the exploitation + successfully. This module has been tested against Wordpress 3.5 and W3 Total Cache + 0.9.2.3 on a Ubuntu 10.04 system. }, 'Author' => [