WordPress Cimy User Extra Fields 2.3.7 Shell Upload

2012.07.19

Credit: Crim3R

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-264

Dork: inurl:\"inurl:/wp-content/Cimy_User_Extra_Fields\"

# Exploit Title: wordpress plugin Cimy User Extra Fields Arbitrary File Upload Vulnerability
# Google Dork: inurl:"inurl:/wp-content/Cimy_User_Extra_Fields"
# Date: 07/18/2012
# Author: Crim3R
# plugin download Link : http://downloads.wordpress.org/plugin/cimy-user-extra-fields.2.3.7.zip
# Version: 2.3.7
# Tested on: all
========================================
you can find avatar upload in Registration form with extra fields 0r User's
profile with extra fields
witch is available for all types of users.
an attacker can upload shell in many ways like modifying Headers or ...
shell access :
http://wordpress/wp-content/Cimy_User_Extra_Fields/username/avatar.jpg.php
===============Crim3R@Att.Net===========
$home = http://Secure-Land.net
thanks to : 2MzRp - Mikili - Amir - 0x0ptim0us - iC0d3R - farbodmahini
and all Secure-land Members...

References:

http://downloads.wordpress.org/plugin/cimy-user-extra-fields.2.3.7.zip

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

WordPress Cimy User Extra Fields 2.3.7 Shell Upload

Dork: inurl:\"inurl:/wp-content/Cimy_User_Extra_Fields\"

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.