Nmap Development mailing list archives
Re: [NSE] script for exploiting CVE-2014-8877 vulnerability
From: Patricio Castagnaro <pcastagnaro () gmail com>
Date: Fri, 19 Dec 2014 11:50:44 -0300
Thank you very much Mariusz for sharing!

Lic. Patricio Castagnaro
MSN/Gtalk/Mail: pcastagnaro () gmail com
Twitter: @pcastagnaro <https://twitter.com/pcastagnaro>
Skype: pcastagnaro
LinkedIn: http://ar.linkedin.com/in/pcastagnaro
Google+: https://plus.google.com/+PatricioCastagnaro

Think before you print

2014-12-18 21:12 GMT-03:00 Mariusz Ziulek <mzet () owasp org>:
Hi List,

I've just completed a script that exploits the CVE-2014-8877 vulnerability. This flaw was found recently in the WordPress CM Download Manager plugin (https://wordpress.org/plugins/cm-download-manager/). Versions <= 2.0.0 are affected. The vulnerability allows injecting arbitrary PHP code via the CMDsearch param. The script simply injects the system() function with an OS shell command of choice (provided as the script's parameter) as an argument.

Testing and comments are appreciated.

Running the script:

    nmap -P0 -p80 -n --script http-vuln-cve2014-8877 --script-args http-vuln-cve2014-8877.cmd="whoami",http-vuln-cve2014-8877.uri="/wordpress"

Where the 'cmd' parameter is the shell command for execution and 'uri' is the path to your WordPress installation.

Revisions 1007950 (and below) of the plugin are affected, so if anyone would like to test the script locally, here's a command to quickly fetch the right (vulnerable) version of the plugin:

    svn co -r 1007950 http://plugins.svn.wordpress.org/cm-download-manager/trunk/ cm-dw-manager

Regards,
Mariusz

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
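A defender's view of the flaw described in this thread, as an added example that is not part of the original posts or of the NSE script: a Python scan of web access logs for CMDsearch values that contain PHP code. The log lines, the function names and the list of PHP constructs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed combined-format access-log lines (not from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [19/Dec/2014:10:01:02 +0000] "GET /wordpress/?CMDsearch=user+manual HTTP/1.1" 200 5123',
    '203.0.113.9 - - [19/Dec/2014:10:03:44 +0000] "GET /wordpress/?CMDsearch=system%28%27whoami%27%29 HTTP/1.1" 200 4790',
    '203.0.113.9 - - [19/Dec/2014:10:03:51 +0000] "GET /wordpress/?CMDsearch=SyStEm%2528%2527id%2527%2529 HTTP/1.1" 200 4790',
    '198.51.100.7 - - [19/Dec/2014:10:07:10 +0000] "GET /wordpress/?s=operating+system+(linux) HTTP/1.1" 200 9001',
]

REQUEST = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# PHP constructs that have no place in a download search term (assumed list).
PHP_CODE = re.compile(
    r'\b(?:system|passthru|shell_exec|exec|popen|proc_open|eval|assert)\s*\(|`|<\?php',
    re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Undo repeated URL-encoding so values encoded more than once are still inspected."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_cmdsearch(lines):
    """Return (client, timestamp, decoded value) for each CMDsearch value containing PHP code."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line we understand
        client, when, target = m.groups()
        # parse_qsl performs the first round of URL-decoding.
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if name != "CMDsearch":
                continue  # only the parameter named in the advisory is inspected
            decoded = fully_decode(value)
            if PHP_CODE.search(decoded):
                hits.append((client, when, decoded))
    return hits

if __name__ == "__main__":
    for hit in suspicious_cmdsearch(SAMPLE_LOG):
        print(*hit, sep="  ")
```

Access logs normally record only the request line, so a value sent in a POST body would not appear here and would need request-body logging or a WAF rule instead.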