09/01/2017: WordPress (CMS) Magic Fields RCCWP_upload_ajax.php File Upload | Security Bulletin

Threat Summary

Overview

There is a file upload vulnerability in the WordPress plugin Magic Fields before version 1.5.6. It occurs because the plugin validates neither authentication nor the type of the file being uploaded.

Exploitation

Stages

  1. A remote unauthenticated attacker sends a crafted request to RCCWP_upload_ajax.php with the file that the attacker wants to upload.
  2. The server sends a successful response stating where the file is now stored.
  3. The attacker can retrieve the file at ‘/wp-content/files_mf/’.

Prerequisites

The attacker must be able to send crafted packets to the vulnerable path.

Vulnerability Description

There is a file upload vulnerability in the WordPress plugin Magic Fields before version 1.5.6. It occurs because the file RCCWP_upload_ajax.php validates neither authentication nor the type of the file being uploaded. An attacker can leverage this vulnerability by sending a ‘multipart/form-data’ request that uploads a malicious file to the server running the vulnerable plugin. From there, the attacker could potentially compromise the server.
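The stages above leave traces in the web server access log, so a log review can show whether a site was targeted. The following is an added example, not Alert Logic's signature or code from the plugin: it assumes Combined Log Format, a hypothetical list of executable extensions, and a constructed sample log with a placeholder plugin directory. Logged-in editors also POST to this script legitimately, so accepted uploads need review rather than automatic escalation.

```python
import re
from urllib.parse import unquote

# Combined Log Format prefix: ip ident user [time] "METHOD path PROTO" status
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})\b')
UPLOAD_SCRIPT = "/rccwp_upload_ajax.php"   # script named in the bulletin
UPLOAD_DIR = "/wp-content/files_mf/"       # storage path named in the bulletin
# Assumption: extensions a PHP-enabled web server may execute.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$")

def hunt(lines):
    """Return (kind, ip, timestamp, path) tuples for requests worth reviewing."""
    findings, uploaders = [], set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        # Drop the query string, decode %xx, and compare case-insensitively.
        path = unquote(m["path"].split("?", 1)[0])
        lower = path.lower()
        accepted = m["status"].startswith("2")
        if m["method"] == "POST" and lower.endswith(UPLOAD_SCRIPT):
            if accepted:
                uploaders.add(m["ip"])
            kind = "upload_accepted" if accepted else "upload_rejected"
        elif UPLOAD_DIR in lower and SCRIPT_EXT.search(lower):
            # A script served from the upload directory is suspicious on its own;
            # it is stronger evidence when the same client uploaded just before.
            kind = "script_fetch_after_upload" if m["ip"] in uploaders else "script_fetch"
        else:
            continue
        findings.append((kind, m["ip"], m["ts"], path))
    return findings

# Constructed sample log (documentation IP ranges, placeholder plugin directory).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2020:10:01:02 +0000] "POST /wp-content/plugins/PLUGIN_DIR/RCCWP_upload_ajax.php HTTP/1.1" 200 87
203.0.113.7 - - [01/Jan/2020:10:01:05 +0000] "GET /wp-content/files_mf/example.php HTTP/1.1" 200 12
198.51.100.4 - - [01/Jan/2020:10:02:00 +0000] "GET /wp-content/files_mf/photo.jpg HTTP/1.1" 200 5120
198.51.100.9 - - [01/Jan/2020:10:03:00 +0000] "POST /wp-content/plugins/PLUGIN_DIR/RCCWP_upload_ajax.php HTTP/1.1" 403 0
""".splitlines()

if __name__ == "__main__":
    for finding in hunt(SAMPLE_LOG):
        print(*finding, sep="  ")
```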

Alert Logic Coverage

Alert Logic® has evaluated its customer base for exposure to the exploit and has developed signatures for mitigating the threat depending on the security service in place.

The Network-Based Intrusion Detection System (IDS) has been updated with new signatures that detect this exploit via Alert Logic Threat Manager™. If a signature is triggered, an incident is generated in the Alert Logic console.

Recommendations for Mitigation

Disable the plugin until a patch is available, or seek an alternative plugin for the same activity.
