CVE-2016-15043 Scanner
CVE-2016-15043 Scanner - Unrestricted File Upload vulnerability in WP Mobile Detector
Short Info
Level
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
19 days 8 hours
Scan only one
Domain, Subdomain, IPv4
Toolbox
The "WP Mobile Detector" plugin is widely used by WordPress administrators aiming to optimize their websites for mobile device visitors. By detecting user agents, it tailors resolutions and formats to deliver a more user-friendly experience. Its primary customers include bloggers, small business sites, and tech enthusiasts who prioritize mobile accessibility. Given the vast user base of WordPress, this plugin is a go-to choice for those without intensive programming capabilities. The plugin's ease of deployment and compatibility with various themes further boost its popularity. However, the increasing reliance on such plugins underscores the need for robust security mechanisms.
The identified vulnerability in the "WP Mobile Detector" involves a failure to validate file types during uploads, manifested in the "resize.php" script. This oversight can lead to the unrestricted upload of potentially harmful files, allowing unauthorized access. Such vulnerabilities are common when plugins do not enforce strict security protocols. For attackers, exploiting this flaw can offer a gateway for malicious initiatives. As this issue affects versions up to 3.5, patching is imperative to protect systems. Remaining vigilant against such threats ensures both user data and site integrity.
Technical analysis of the "WP Mobile Detector" plugin reveals that the primary vulnerability lies within the "resize.php" script. It inadequately checks the legitimacy of file types, especially when handling input via the "src" parameter. Coupled with an unauthenticated upload mechanism, it provides a ripe opportunity for manipulation. Attackers can manipulate the upload mechanism to place malicious scripts, subsequently achieving remote code execution. This unfiltered access can jeopardize web server configurations, exposing sensitive data and functionality. Affected installations belong to those running versions up to 3.5 without subsequent patches, leaving them open to this flaw.
Exploitation of the unrestricted file upload vulnerability in the "WP Mobile Detector" poses several risks. The primary threat is remote code execution, leading to full server compromise. Attackers can intrusively upload scripts to alter or access sensitive files. This compromise in security can further escalate to defacement, sensitive data leaks, or unauthorized access to backend systems. Website integrity can be critically undermined, eroding user trust and enhancing the risk of further exploit attempts. With systems exposed, user data confidentiality and availability are jeopardized when left unpatched.
REFERENCES
- https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/wp_mobile_detector_upload_execute.rb
- https://www.pluginvulnerabilities.com/2016/05/31/aribitrary-file-upload-vulnerability-in-wp-mobile-detector/
- https://wpscan.com/vulnerability/e4739674-eed4-417e-8c4d-2f5351b057cf/
