As posted in the SEBUG Security DB, puret_t released an exploit for the WordPress 2.7.0 admin remote code execution vulnerability. I plan to discuss the exploit and the vulnerability in a knowledge-sharing session, so I spent a few minutes studying them.
Sorry to puret_t, because I have to say that it is a lame exploit. The reasons are:
- You need to have the admin user name and password to execute the exploit.
- The exploit will upload a webshell, but since you have the admin user name and password, why don't you just use the upload function in WordPress?
- The webshell itself contains an error:
<?php eval($_POST[c]); ?>
The correct one should be:
<?php eval($_POST['c']); ?>
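
An added example (not part of the original post or of puret_t's exploit): a small Python check for reviewing PHP files, which flags lines that pass request input to eval and matches both the unquoted key form and the quoted form shown above. It generalizes from $_POST to the other request superglobals; the file names and contents in SAMPLES are constructed.

```python
import re

# Matches eval() called directly on a request superglobal element.
# The array key may be bare (the form in the published webshell) or
# single-/double-quoted (the form the post gives as correct).
EVAL_REQUEST_INPUT = re.compile(
    r"""\beval\s*\(\s*
        \$_(POST|GET|REQUEST|COOKIE)\s*
        \[\s*(?P<q>['"]?)
        (?P<key>\w+)
        (?P=q)\s*\]
    """,
    re.IGNORECASE | re.VERBOSE,
)

def scan_php_source(name, source):
    """Return one finding per line that evals request input."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        m = EVAL_REQUEST_INPUT.search(line)
        if m:
            findings.append({
                "file": name,
                "line": lineno,
                "superglobal": "$_" + m.group(1).upper(),
                "key": m.group("key"),
                "quoted_key": bool(m.group("q")),
            })
    return findings

# Constructed sample files (assumed names, not from any real site).
SAMPLES = {
    "uploads/a.php": "<?php eval($_POST[c]); ?>",
    "uploads/b.php": "<?php eval($_POST['c']); ?>",
    "uploads/c.php": "<?php\n  EVAL ( $_REQUEST[ \"cmd\" ] );\n",
    "theme/functions.php":
        "<?php\n$title = $_POST['title'];\necho htmlspecialchars($title);\n",
}

def scan_all(samples=SAMPLES):
    results = []
    for name, source in sorted(samples.items()):
        results.extend(scan_php_source(name, source))
    return results

if __name__ == "__main__":
    for finding in scan_all():
        print(finding)
```

A signature that only looked for the quoted key would miss the file as it was actually published, which is why the pattern treats the quote as optional.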