WordPress Plugin Responsive Thumbnail Slider 1.0 - Arbitrary File Upload

Author: Arash Khazaei
type: webapps
platform: php
port: 80
date_added: 2015-08-28  
date_updated: 2015-08-30  
verified: 1  
codes: OSVDB-126798  
tags: WordPress Plugin  
aliases:   
screenshot_url: http://www.exploit-db.com/screenshots/idlt38000/screen-shot-2015-08-30-at-153028.png  
application_url: http://www.exploit-db.comwp-responsive-thumbnail-slider.zip  

raw file: 37998.txt  
# Exploit Title: Wordpress Responsive Thumbnail Slider Arbitrary File Upload
# Date: 2015/8/29
# Exploit Author: Arash Khazaei
# Vendor Homepage: https://wordpress.org/plugins/wp-responsive-thumbnail-slider/
# Software Link: https://downloads.wordpress.org/plugin/wp-responsive-thumbnail-slider.zip
# Version: 1.0
# Tested on: Kali, Iceweasel Browser
# CVE : N/A
# Contact : http://twitter.com/0xClay
# Email : 0xclay@gmail.com
# Site : http://bhunter.ir

# Introduction :

# The WordPress Responsive Thumbnail Slider Plugin Has 6000+ Active Installs
# And Suffers From A File Upload Vulnerability That Allows An Attacker To
# Upload A Shell Disguised As An Image .
# Authors , Editors And Of Course Administrators Can Use This Vulnerability
# To Harm The WebSite .

# POC :

# To Exploit This Vulnerability :

# Go To The Add Image Section And Upload A File Through The Plugin's Own Uploader
# Then Upload A File With A Double Extension That Ends In An Image Extension
# And By Using Burp Suite Or Tamper Data Change The File Name From
# Shell.php.jpg To Shell.php
# And The Shell Is Uploaded . :)
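The bypass above works because the upload handler trusts the client-supplied filename, which a proxy can rewrite after the browser-side check. As an added defender's example, not code from the plugin or its author, the following server-side validation rejects both the double-extension name and the renamed Shell.php; `validate_image_upload` and `IMAGE_TYPES` are assumed names, while `current_user_can` and `upload_files` are WordPress's own.

```php
<?php
// Added example (not the plugin's code): the checks an image upload
// handler must do on the server, since the filename in the request is
// attacker-controlled and can be changed in transit.

// Permitted extensions mapped to the MIME type the content must have.
const IMAGE_TYPES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

/**
 * Validate one $_FILES entry (name, tmp_name, error, size) and return a
 * server-chosen safe filename. Throws on anything suspicious.
 */
function validate_image_upload(array $file): string {
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    $orig = basename((string) $file['name']);
    // Exactly one dot: rejects "Shell.php.jpg" style double extensions
    // and extensionless names; Shell.php then fails the whitelist below.
    if (substr_count($orig, '.') !== 1) {
        throw new RuntimeException('Double or missing extension rejected');
    }
    $ext = strtolower(pathinfo($orig, PATHINFO_EXTENSION));
    if (!isset(IMAGE_TYPES[$ext])) {
        throw new RuntimeException('Extension not allowed');
    }
    // Check the bytes, not the name: finfo reads the file's magic header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== IMAGE_TYPES[$ext]) {
        throw new RuntimeException('Content does not match extension');
    }
    // It must also parse as an image; a PHP file with a fake header fails.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Malformed image');
    }
    // Never reuse the client's name: random name, whitelisted extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Usage inside WordPress (upload_files is the capability Authors+ hold):
// if (!current_user_can('upload_files')) { wp_die('Forbidden'); }
// $name = validate_image_upload($_FILES['image']);
// move_uploaded_file($_FILES['image']['tmp_name'], "$upload_dir/$name");
```

Store uploads in a directory where the web server does not execute PHP, so that even a validation gap does not yield code execution.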



<!-- Discovered By Arash Khazaei (Aka JunkyBoy) -->