That being said, I’ll walk through everything needed for someone with a basic understanding of WordPress and the tools used to break in. Then I’ll show how I can exploit this vulnerability to remotely execute system commands.
3. Have Apache installed. I’m using Apache, but there are instructions on how to set up your server that should work with any web server.
To test a WordPress install for this vulnerability, set up an exploit on a test machine and run it against that machine. The exploit attempts to exploit the vulnerable theme file at /wp-content/plugins/optimizepress/includes/custom-functions/plugin-functions.php. If the exploit succeeds, the install is vulnerable.
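As an added defensive check that is not part of the original post: the following Python scans Apache combined-format access-log lines (constructed samples, not real traffic) for requests to the file path named above, decoding percent-encoding so obfuscated variants of the path are caught as well, and counts probes per source address.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample Apache combined-format log lines (not from the original post).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-content/plugins/optimizepress/includes/custom-functions/plugin-functions.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /index.php HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:56:01 +0000] "POST /wp-content/plugins/optimizepress/includes/custom-functions/plugin-functions.php?a=b HTTP/1.1" 200 77 "-" "curl/7.88"
203.0.113.9 - - [10/Oct/2023:13:57:12 +0000] "GET /wp-content/plugins/optimizepress/includes/custom%2Dfunctions/plugin%2Dfunctions.php HTTP/1.1" 404 12 "-" "python-requests"
"""

# The file path discussed in the post; requests to it are worth alerting on.
VULN_PATH = "/wp-content/plugins/optimizepress/includes/custom-functions/plugin-functions.php"

# Minimal parser for the Apache combined log format: client IP, timestamp,
# request line (method + target) and status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return a dict for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Drop the query string and percent-decode so that encoded variants
    # (e.g. %2D for '-') normalise to the same path before comparison.
    rec["path"] = unquote(rec["target"].split("?", 1)[0])
    return rec


def find_probes(log_text, vuln_path=VULN_PATH):
    """Return every parsed record whose normalised path is the vulnerable file."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["path"].lower() == vuln_path.lower():
            hits.append(rec)
    return hits


def probes_per_ip(log_text, vuln_path=VULN_PATH):
    """Count probe attempts by client IP, regardless of HTTP status returned."""
    return Counter(h["ip"] for h in find_probes(log_text, vuln_path))


if __name__ == "__main__":
    for ip, n in probes_per_ip(SAMPLE_LOG).most_common():
        print(f"{ip}: {n} request(s) to the OptimizePress file")
```

A 404 for the path still indicates someone is probing for the file, so the count includes all statuses; a 200 on an install that ships the file is the case to escalate.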
The next part looks like an arbitrary HTTP GET request, but it is an attempt to retrieve the WordPress version from the server. The server typically returns the version inside a code-page-encoded link: the encoding maps the version number into the %E2%86%92 character sequence, and decoding that sequence reveals the WordPress version.
The first two require lines pull in the WordPress core files to make debugging easier. The third line pulls in the WP_VERSION transient variable. Notice that the transient is sanitized to strip any spaces from the WordPress version string; this matters because it is part of the exploit code.