wordpress plugin Cimy User Extra Fields Arbitrary File Upload Vulnerability

2012-07-18 22:34:42
Posted by: Crim3R

# Exploit Title: wordpress plugin Cimy User Extra Fields Arbitrary File Upload Vulnerability

# Google Dork: inurl:"inurl:/wp-content/Cimy_User_Extra_Fields"

# Date: 07/18/2012

# Author: Crim3R

# plugin download Link : http://downloads.wordpress.org/plugin/cimy-user-extra-fields.2.3.7.zip

# Version: 2.3.7

# Tested on: all

========================================

You can find the avatar upload in the registration form with extra fields or in the user's profile with extra fields,
which is available to all user roles.
An attacker can upload a shell in many ways, such as modifying headers or ...

shell access : http://wordpress/wp-content/Cimy_User_Extra_Fields/username/avatar.jpg.php
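As an added example (not the plugin's code and not from the original post), the Python below models the server-side checks that close this class of bug: only the final extension of the filename counts, the bytes must carry a real image signature, the client-supplied Content-Type header is never trusted, and the stored name is chosen by the server. A second function scans a constructed list of stored avatar paths and flags any whose final extension is not an image, which is the check a defender would run over the plugin's upload directory. Function names, the signature table and the sample paths are assumptions made for this example.

```python
import os
from dataclasses import dataclass

# Magic bytes for the image types an avatar field should accept.
# Constructed table for this example, not taken from the plugin.
IMAGE_SIGNATURES = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}


@dataclass
class UploadResult:
    accepted: bool
    reason: str
    stored_name: str = ""


def final_extension(filename: str) -> str:
    """Return only the LAST extension, lower-cased: 'avatar.jpg.php' -> 'php'."""
    base = os.path.basename(filename)
    if "." not in base:
        return ""
    return base.rpartition(".")[2].lower()


def validate_avatar_upload(filename: str, content_type: str, data: bytes, user_id: int) -> UploadResult:
    """Hypothetical hardened avatar check: extension allowlist + magic bytes + server-chosen name.

    `content_type` is accepted as a parameter only to make the point that it is
    ignored: it is attacker-controlled and proves nothing about the bytes.
    """
    ext = final_extension(filename)
    if ext not in IMAGE_SIGNATURES:
        return UploadResult(False, f"extension '{ext or '(none)'}' is not an allowed image type")
    if not any(data.startswith(sig) for sig in IMAGE_SIGNATURES[ext]):
        return UploadResult(False, "file content does not match a known image signature")
    # The user never controls the path on disk: name is derived from the user id only.
    stored = f"avatar_{user_id}.{ext}"
    return UploadResult(True, "ok", stored)


def find_suspicious_uploads(relative_paths):
    """Flag stored avatar files whose final extension is not an allowed image type.

    Intended to run over a listing of the plugin's upload directory; here it
    takes a plain list of relative paths so it runs offline.
    """
    return [p for p in relative_paths if final_extension(p) not in IMAGE_SIGNATURES]


if __name__ == "__main__":
    # Constructed sample inputs: a double-extension name carrying PHP, a real JPEG header,
    # and a spoofed Content-Type header over non-image bytes.
    php_payload = b"<?php /* constructed sample, not a real shell */ ?>"
    jpeg_bytes = b"\xff\xd8\xff\xe0" + b"\x00" * 16
    print(validate_avatar_upload("avatar.jpg.php", "image/jpeg", php_payload, 7))
    print(validate_avatar_upload("avatar.jpg", "image/jpeg", jpeg_bytes, 7))
    print(validate_avatar_upload("avatar.jpg", "image/jpeg", php_payload, 7))
    print(find_suspicious_uploads(["alice/avatar.jpg", "bob/avatar.jpg.php", "carol/avatar.png"]))
```

The scan function is the cheap detection step: a stored avatar whose last extension is `php` (or anything outside the image allowlist) under a user-writable upload directory is a finding regardless of how it got there.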


========================================


$home = http://Secure-Land.net

thanks to : 2MzRp - Mikili - Amir - 0x0ptim0us - iC0d3R - farbodmahini

and all Secure-land Members ...

Fixes

No fixes

To submit a fix you must be a registered user.