File tree Expand file tree Collapse file tree 1 file changed +5
-4
lines changed
modules/exploits/unix/webapp Expand file tree Collapse file tree 1 file changed +5
-4
lines changed Original file line number Diff line number Diff line change @@ -17,10 +17,11 @@ def initialize(info = {})
1717 'Name' => 'Wordpress W3 Total Cache PHP Code Execution' ,
1818 'Description' => %q{
1919 This module exploits a PHP Code Injection vulnerability on the W3 Total Cache
20- wordpress plugin up to and including 0.9.2.8 version. The exploit is due to the
21- handle of some special macros, such as mfunc, which allow to inject arbitrary PHP
22- code. A valid post id where publish the malicious comment is needed. The user can
23- provide it with the POSTID option, otherwise a valid one will try to be brute
20+ wordpress plugin up to and including 0.9.2.8 version. Versions up to and including
21+ 1.2 of WP Super Cache plugin are also reported as vulnerable. The exploit is due to
22+ the handle of some special macros, such as mfunc, which allow to inject arbitrary
23+ PHP code. A valid post id where publish the malicious comment is needed. The user
24+ can provide it with the POSTID option, otherwise a valid one will try to be brute
2425 forced. Also, if anonymous comments aren't allowed, valid credentials must be
2526 provided. Finally, comments shouldn't be moderated in order finish the exploitation
2627 successfully. This module has been tested against Wordpress 3.5 and W3 Total Cache
You can’t perform that action at this time.
0 commit comments