Sorry to Say, But It is a Lame Exploit

Posted: January 18th, 2009 | Author: | Filed under: IT Related | Tags: , | No Comments »

As posted in SEBUG Security DB, puret_t released an exploit on WordPress 2.7.0 admin remote code execution vulnerability. I plan to discuss the exploit and the vulnerability in a knowledge sharing session, so I spent a few minutes to study them.

Sorry to puret_t because I have to say that it is a lame exploit. The reasons are :-

  1. You need to have admin user name and password to execute the exploit.
  2. The exploit will upload a webshell, but since you have admin user name and password, why dont you just use the upload function in wordpress?
  3. The webshell itself contain error :-
    <?php eval($_POST[c]); ?>

    The correct one should be :-

    <?php eval($_POST['c']); ?>

Leave a Reply