Wordpress Custom Content Type Manager 0.9.5.13-pl Arbitrary File Upload

vendor:

Custom Content Type Manager

by:

Adrien Thierry

CVSS

HIGH

Arbitrary File Upload

264

CWE

Product Name: Custom Content Type Manager

Affected Version From: 0.9.5.13-pl

Affected Version To: 0.9.5.13-pl

Patch Exists: YES

Related CWE: N/A

CPE: a:wordpress:custom_content_type_manager

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2012

WordPress Custom Content Type Manager 0.9.5.13-pl Arbitrary File Upload

WordPress Custom Content Type Manager plugin version 0.9.5.13-pl is vulnerable to an arbitrary file upload vulnerability. An attacker can upload a malicious file to the upload_form.php page and gain remote code execution. The malicious file can be uploaded with an image extension such as .jpg, .png, or .gif.

Mitigation:

Upgrade to the latest version of the WordPress Custom Content Type Manager plugin.

Source

Exploit-DB raw data:

###########################################################
#
# Exploit Title: Wordpress Custom Content Type Manager 0.9.5.13-pl Arbitrary File Upload
# Google Dork: inurl:wp-content/plugins/custom-content-type-manager/
# Date: 11/06/2012
# Exploit Author: Adrien Thierry
# Vendor Homepage:  http://www.fireproofsocks.com/
# Software Link: http://downloads.wordpress.org/plugin/custom-content-type-manager.0.9.5.13.zip
# Version: 0.9.5.13
#
###########################################################

Vuln page : http://mysite.com/wp-content/plugins/custom-content-type-manager/upload_form.php

exploit :

http://mysite.com/wp-content/plugins/custom-content-type-manager/upload_form.php

	-> upload your shell with image ext (jpg|png|gif)
	
shell access : http://mysite.com/wp-content/uploads/[YYYY]/[MM]/shell.php.jpg

#####################################################################