Search the Community
Showing results for tags 'crop-image'.
-
Exploits WordPress 5.0.0 crop-image Shell Upload
1337day-Exploits posted a topic in Updated Exploits
This Metasploit module exploits a path traversal and a local file inclusion vulnerability on WordPress versions 5.0.0 and versions below or equal to 4.9.8. The crop-image function allows a user, with at least author privileges, to resize an image and perform a path traversal by changing the _wp_attached_file reference during the upload. The second part of the exploit will include this image in the current theme by changing the _wp_page_template attribute when creating a post. This exploit module only works for Unix-based systems currently. View the full article