WordPress Mobile App Native Plugin Vulnerability Leads to Web Site PWNage

March 6, 2017

The Mobile App Native Plugin for WordPress lets you turn your website into a mobile application in just a few minutes. Recently, there was a vulnerability discovered that allows attackers to execute remote code.

It turns out that the plugin does not:

  1. Require authentication for file uploads. Any user can upload any file, be it text, image or even executable.
  2. 2. Check if the uploaded file contains executable code.

Given the above, any user can simply upload a php file that allows for code execution. This is similar to the backdoor.php file shown in How To Own A Web Server By Writing An Email (Jan 4, 2017)

Once the backdoor.php has been successfully uploaded, the attacker can, then go to it and perform any malicious actions he or she wishes.

SonicWALL Threat Research Team has researched this vulnerability and have the following signatures in place to protect their customers:

  • WAF:9016 - PHP Injection Attack
  • WAF:9039 - PHP Injection Attack 2