
WordPress OptimizePress hack (file upload vulnerability)

Discussion in 'BlackHat Lounge' started by foleymon, Dec 1, 2013.

  1. foleymon

    Found this 0day out there today.

    Thousands of WordPress sites are at risk of being hacked using a newly-discovered vulnerability in the popular OptimizePress theme. We tried to find an official announcement of this vulnerability, but the search only turned up a PasteBin post from Nov. 23 that has since been removed. However, the Google cache is still there as of now (included at the end of this post). It shows the details of the vulnerability, which is very simple: you can exploit it with a browser. The problem is in this file: wp-content/themes/OptimizePress/lib/admin/media-upload.php. You can simply browse directly to that file,

    osirt (dot) (com) (slash)2013 (slash) 11 (slash) wordpress-optimizepress-hack-file-upload-vulnerability
     
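For site owners checking exposure, one way to search web server access logs for direct requests to the file named in the post. This is an added example, not part of the original post. The combined log format, the function names and the sample lines are assumptions constructed here.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Path named in the post, compared in lower case after URL-decoding.
TARGET = "/wp-content/themes/optimizepress/lib/admin/media-upload.php"

# Assumed input: Apache/nginx combined log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize(uri):
    """Drop the query string, decode %-escapes, collapse repeated slashes, lower-case."""
    path = unquote(uri.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def scan(lines):
    """Return {ip: {"probe": n, "upload": n}} for requests that reach the theme's upload script."""
    hits = defaultdict(lambda: {"probe": 0, "upload": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or TARGET not in normalize(m["uri"]):
            continue
        status = int(m["status"])
        # Assumption: a POST answered with 2xx may be an upload; everything else counts as a probe.
        kind = "upload" if m["method"] == "POST" and 200 <= status < 300 else "probe"
        hits[m["ip"]][kind] += 1
    return dict(hits)

# Constructed sample log lines (documentation IP ranges), not taken from a real server.
SAMPLE = [
    '203.0.113.7 - - [01/Dec/2013:10:00:01 +0000] "GET /wp-content/themes/OptimizePress/lib/admin/media-upload.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Dec/2013:10:00:09 +0000] "POST /wp-content/themes/OptimizePress/lib/admin/media-upload.php HTTP/1.1" 200 734 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Dec/2013:10:02:30 +0000] "GET /blog//wp-content/themes/optimizepress/lib/admin/media%2Dupload.php?x=1 HTTP/1.1" 404 0 "-" "-"',
    '192.0.2.4 - - [01/Dec/2013:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 1000 "-" "-"',
    '192.0.2.4 - - [01/Dec/2013:10:03:05 +0000] "POST /wp-admin/media-upload.php HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for ip, counts in scan(SAMPLE).items():
        print(ip, counts)
```

Any address in the "upload" column is worth following up by reviewing recently created files under the site's upload directories.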