CVE-2011-4342

BackWPup < 1.7.1 - Remote Code Execution via wpabs Parameter

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4342. PoCs published by Sense of Security.

AI-analyzed exploit summary: This exploit leverages a local file inclusion vulnerability in the WordPress BackWPup plugin (version 1.6.1) via the 'wpabs' parameter in 'wp_xml_export.php'. The static nonce value '822728c8d9' allows unauthenticated remote code execution through a data URI.

Description

PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter.

Exploits (1)

exploitdb WORKING POC
by Sense of Security · text · webapps · php
https://www.exploit-db.com/exploits/17056


Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: WordPress BackWPup plugin 1.6.1
No auth needed
Prerequisites: WordPress BackWPup plugin 1.6.1 installed · Access to the 'wp_xml_export.php' endpoint
devstral-2 · analyzed Feb 16, 2026

References (9)

Core References
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/71481
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/17056
Exploit, URL Repurposed x_refsource_misc
http://www.senseofsecurity.com.au/advisories/SOS-11-003.pdf
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2011/Mar/328
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43565
Exploit mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/11/22/10
Exploit mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/11/22/7

Scores

EPSS 0.1040
EPSS Percentile 95.1%

Details

CWE CWE-94
Status published
Products (1)
backwpup/backwpup < 1.7.1
Published Oct 08, 2012
Tracked Since Feb 18, 2026