wordpress plugin Cimy User Extra Fields Arbitrary File Upload Vulnerability

2012-07-18 22:34:42
Posted by: Crim3R

# Exploit Title: wordpress plugin Cimy User Extra Fields Arbitrary File Upload Vulnerability

# Google Dork: inurl:"inurl:/wp-content/Cimy_User_Extra_Fields"

# Date: 07/18/2012

# Author: Crim3R

# plugin download Link : http://downloads.wordpress.org/plugin/cimy-user-extra-fields.2.3.7.zip

# Version: 2.3.7

# Tested on: all

========================================

You can find the avatar upload in the Registration form with extra fields or in the User's profile with extra fields,
which is available to all types of users.
An attacker can upload a shell in many ways, like modifying headers or ...

shell access : http://wordpress/wp-content/Cimy_User_Extra_Fields/username/avatar.jpg.php
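The root cause described above is that the upload trusts client-supplied metadata, so a file named avatar.jpg.php lands in the web root and gets executed. The following is an added defensive example, not the plugin's own code: a server-side check that ignores the Content-Type header entirely, refuses any executable extension anywhere in the name (so both avatar.jpg.php and avatar.php.jpg are rejected), verifies the file bytes against the image magic for the claimed type, and stores the file under a server-chosen name. The function name, extension lists and sample inputs are assumptions made for the example.

```python
"""Server-side avatar validation (added defensive example, not the plugin's code).
Decides only from the filename and the file bytes; the Content-Type header that
the advisory says can be tampered with is accepted but deliberately ignored."""
import os

# Only these extensions are ever stored; anything else is refused.
ALLOWED_EXT = {"jpg", "jpeg", "png", "gif"}
# Extensions a web server may execute. Refused anywhere in the filename,
# so "avatar.jpg.php" and "avatar.php.jpg" are both rejected.
EXEC_EXT = {"php", "php3", "php4", "php5", "phtml", "phar", "cgi", "pl", "py"}

# Leading magic bytes for the allowed image types (assumed, standard values).
MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}


def check_avatar(filename, data, content_type=None):
    """Return (accepted, reason, stored_name).

    content_type is unused on purpose: the bug in the advisory is exactly
    that header-derived data was trusted when deciding what to store."""
    base = os.path.basename(filename)  # drop any path components ("../")
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[0]:  # no extension, or dotfile like .htaccess
        return False, "no usable extension", None
    exts = parts[1:]
    if any(e in EXEC_EXT for e in exts):
        return False, "executable extension in name: %s" % base, None
    if len(exts) != 1 or exts[0] not in ALLOWED_EXT:
        return False, "extension not allowed: %s" % base, None
    ext = exts[0]
    # Sniff the real content instead of believing the client's MIME type.
    if not data.startswith(MAGIC[ext]):
        return False, "file bytes do not match a .%s image" % ext, None
    # Defence in depth: refuse image/PHP polyglots carrying a PHP open tag.
    if b"<?php" in data:
        return False, "embedded PHP tag in image data", None
    # Never reuse the client's filename; the server picks the stored name.
    return True, "ok", "avatar." + ext
```

Pair this with a web-server rule that disables script execution under the upload directory, so a file that slips past validation still cannot run.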




$home = http://Secure-Land.net

thanks to : 2MzRp - Mikili - Amir - 0x0ptim0us - iC0d3R - farbodmahini

and all Secure-land Members ...

Fixes

No fixes
