Sorry to Say, But It is a Lame Exploit
Posted: January 18th, 2009 | Author: xanda | Filed under: IT Related | Tags: exploit, lame | No Comments »As posted in SEBUG Security DB, puret_t released an exploit on WordPress 2.7.0 admin remote code execution vulnerability. I plan to discuss the exploit and the vulnerability in a knowledge sharing session, so I spent a few minutes to study them.
Sorry to puret_t because I have to say that it is a lame exploit. The reasons are :-
- You need to have admin user name and password to execute the exploit.
- The exploit will upload a webshell, but since you have admin user name and password, why dont you just use the upload function in wordpress?
- The webshell itself contain error :-
<?php eval($_POST[c]); ?>
The correct one should be :-
<?php eval($_POST['c']); ?>
Leave a Reply