Snap Creek Duplicator WordPress plugin code injection
Description
When the WordPress plugin Snap Creek Duplicator restores a backup, it leaves dangerous files in the filesystem such as installer.php and installer-backup.php. These files allow anyone to call a function that overwrite the wp-config.php file AND this function does not sanitize POST parameters before inserting them inside the wp-config.php file, leading to arbitrary PHP code execution. WARNING: This exploit WILL break the wp-config.php file. If possible try to restore backups of the configuration after the exploit to make the WordPress site work again.
Author(s)
- Julien Legras <julien.legras@synacktiv.com>
- Thomas Chauchefoin <thomas.chauchefoin@synacktiv.com>
Platform
PHP
Architectures
php
Development
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/multi/php/wp_duplicator_code_inject
msf exploit(wp_duplicator_code_inject) > show targets
...targets...
msf exploit(wp_duplicator_code_inject) > set TARGET < target-id >
msf exploit(wp_duplicator_code_inject) > show options
...show and set options...
msf exploit(wp_duplicator_code_inject) > exploit
- Collect and share all the information you need to conduct a successful and efficient penetration test
- Simulate complex attacks against your systems and users
- Test your defenses to make sure they’re ready
- Automate Every Step of Your Penetration Test
Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.
– Jim O’Gorman | President, Offensive Security