WordPress Cimy User Extra Fields 2.3.7 Shell Upload

2012.07.19
Credit: Crim3R
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-264

# Exploit Title: wordpress plugin Cimy User Extra Fields Arbitrary File Upload Vulnerability
# Google Dork: inurl:"inurl:/wp-content/Cimy_User_Extra_Fields"
# Date: 07/18/2012
# Author: Crim3R
# plugin download Link : http://downloads.wordpress.org/plugin/cimy-user-extra-fields.2.3.7.zip
# Version: 2.3.7
# Tested on: all
========================================
You can find avatar upload in Registration form with extra fields or User's profile with extra fields, which is available for all types of users.
An attacker can upload shell in many ways like modifying Headers or ...
Shell access : http://wordpress/wp-content/Cimy_User_Extra_Fields/username/avatar.jpg.php
===============Crim3R@Att.Net===========
$home = http://Secure-Land.net
thanks to : 2MzRp - Mikili - Amir - 0x0ptim0us - iC0d3R - farbodmahini and all Secure-land Members...

References:

http://downloads.wordpress.org/plugin/cimy-user-extra-fields.2.3.7.zip
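The weakness described above is that the stored avatar keeps the client-supplied name, so a file called `avatar.jpg.php` lands under `/wp-content/Cimy_User_Extra_Fields/<username>/` and is executed by the web server as PHP. The following Python is an added example, not the plugin's code or anything from the advisory: it shows the two controls a defender would want, an upload validator that judges the whole filename (final extension against an allowlist, no double extensions) plus the file's magic bytes and then assigns a server-side name, and a small access-log scan that flags requests for executable extensions under the plugin's upload directory. The function names, the allowlist, the magic-byte table and the sample log lines are all constructed for this example.

```python
import re
from typing import Iterable, List, Optional, Tuple

# Allowlist of image extensions an avatar upload should accept (constructed for this example).
ALLOWED_IMAGE_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}

# Leading bytes for each allowed type, so the content is checked, not only the name.
IMAGE_MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}


def validate_avatar(filename: str, content: bytes) -> Optional[str]:
    """Return None when the upload looks like a genuine image, else a rejection reason.

    The last extension is what decides how the web server treats the stored file,
    so the name must be exactly <base>.<ext>: "avatar.jpg.php" is rejected outright.
    """
    name = filename.rsplit("/", 1)[-1].rsplit("\\", 1)[-1]  # drop any path components
    if not name or name.startswith("."):
        return "empty or dot-file name"
    parts = name.lower().split(".")
    if len(parts) != 2:
        return "name must be exactly <base>.<ext> (no double extensions)"
    base, ext = parts
    if not re.fullmatch(r"[a-z0-9_-]{1,64}", base):
        return "base name contains characters outside [a-z0-9_-]"
    if ext not in ALLOWED_IMAGE_EXTENSIONS:
        return f"extension .{ext} not in allowlist"
    if not any(content.startswith(magic) for magic in IMAGE_MAGIC[ext]):
        return f"content does not match the magic bytes for .{ext}"
    return None


def server_side_name(user_id: int, ext: str) -> str:
    """Name the stored file ourselves; the client's filename is never reused."""
    return f"avatar_{user_id}.{ext}"


# Detection side: simplified combined-log pattern (method, path, status).
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
UPLOAD_DIR = "/wp-content/Cimy_User_Extra_Fields/"  # upload path named in the advisory
EXEC_EXT_RE = re.compile(r"\.(php\d?|phtml|phar)(\?|$)", re.IGNORECASE)


def find_suspicious_requests(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (path, status) for requests of executable files under the upload directory.

    Any status is reported: a 200 means a script was served, a 404 shows probing.
    """
    hits: List[Tuple[str, str]] = []
    for line in lines:
        match = LOG_RE.search(line)
        if not match:
            continue
        path = match.group("path")
        if UPLOAD_DIR in path and EXEC_EXT_RE.search(path):
            hits.append((path, match.group("status")))
    return hits


# Constructed sample log lines; only the second one should be flagged.
SAMPLE_LOG = [
    '203.0.113.5 - - [19/Jul/2012:10:01:02 +0000] "GET /wp-content/Cimy_User_Extra_Fields/alice/avatar.jpg HTTP/1.1" 200 5120',
    '203.0.113.5 - - [19/Jul/2012:10:01:09 +0000] "GET /wp-content/Cimy_User_Extra_Fields/alice/avatar.jpg.php HTTP/1.1" 200 312',
    '198.51.100.7 - - [19/Jul/2012:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    jpeg_header = b"\xff\xd8\xff\xe0" + b"\x00" * 16
    print("avatar.jpg.php ->", validate_avatar("avatar.jpg.php", jpeg_header))
    print("avatar.jpg     ->", validate_avatar("avatar.jpg", jpeg_header))
    for path, status in find_suspicious_requests(SAMPLE_LOG):
        print("suspicious:", status, path)
```

The validator and the server-side naming close the gap the advisory exploits (a client-chosen name with an executable final extension); the log scan is the retrospective check for sites that ran the vulnerable version, and the same pattern works for any plugin upload directory by changing `UPLOAD_DIR`.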



Copyright 2024, cxsecurity.com