File tree Expand file tree Collapse file tree 1 file changed +6
-4
lines changed
modules/exploits/unix/webapp Expand file tree Collapse file tree 1 file changed +6
-4
lines changed Original file line number Diff line number Diff line change @@ -19,10 +19,12 @@ def initialize(info = {})
1919 This module exploits a PHP Code Injection vulnerability on the W3 Total Cache
2020 wordpress plugin up to and including 0.9.2.8 version. The exploit is due to the
2121 handle of some special macros, such as mfunc, which allow to inject arbitrary PHP
22- code. A valid post id where publish the malicious comment must be provided. Also
23- credentials if anonymous comments are allowed. Finally, comments shouldn't be
24- moderated in order finish the exploitation successfully. This module has been tested
25- against Wordpress 3.5 and W3 Total Cache 0.9.2.3 on a Ubuntu 10.04 system.
22+ code. A valid post id where publish the malicious comment is needed. The user can
23+ provide it with the POSTID option, otherwise a valid one will try to be brute
24+ forced. Also, if anonymous comments aren't allowed, valid credentials must be
25+ provided. Finally, comments shouldn't be moderated in order finish the exploitation
26+ successfully. This module has been tested against Wordpress 3.5 and W3 Total Cache
27+ 0.9.2.3 on a Ubuntu 10.04 system.
2628 } ,
2729 'Author' =>
2830 [
You can’t perform that action at this time.
0 commit comments