Skip to content

Reflex Gallery 3.1.3 Arbitrary File Upload to RCE Exploit

License

Notifications You must be signed in to change notification settings

D3Ext/Reflex-Gallery-Exploit

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Reflex-Gallery-Exploit

Reflex Gallery 3.1.3 Arbitrary File Upload to RCE Exploit

Description

Reflex Gallery is a Wordpress plugins which has a vulnerability on its 3.1.3 version which can be exploited easily by attackers to upload arbitrary files, for example php code to achieve Remote Command Execution

# Exploit Title: Wordpress Plugin Reflex Gallery - Arbitrary File Upload
# Google Dork: inurl:wp-content/plugins/reflex-gallery/
# Date: 08.03.2015
# Discovered by: CrashBandicot @DosPerl
# Vendor Homepage: https://wordpress.org/plugins/reflex-gallery/
# Software Link: https://downloads.wordpress.org/plugin/reflex-gallery.zip
# Version: 3.1.3 (Last)
# Tested on: Linux

Usage

The usage of the exploit is really easy. Simply you have to pass the wordpress base URL with the "-u" parameter and it will do all the dirty work to upload a php file and spawns an interactive fake-shell to execute commands

Example

python3 exploit.py -u http://target.com/wordpress/

If you receive errors try to change the number 2022 from script to any other existent year in the /wp-content/uploads/ folder

Demo