the original cloud security

WordPress Front End Upload 0.5.4.4 Shell Upload

WordPress Front End Upload 0.5.4.4 Shell Upload
Posted Jul 24, 2012
Authored by Chris Kellum

WordPress Front End Upload version 0.5.4.4 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | beb98cfe39efbbecf8da50c059f4faa9

WordPress Front End Upload 0.5.4.4 Shell Upload

Change Mirror Download
# Exploit Title: WordPress Front End Upload v0.5.4.4 Arbitrary PHP File Upload Vulnerability
# Date: 7/23/12
# Exploit Author: Chris Kellum
# Vendor Homepage: http://mondaybynoon.com/
# Software Link: http://downloads.wordpress.org/plugin/front-end-upload.0.5.4.4.zip
# Version: 0.5.4.4



=====================
Vulnerability Details
=====================

Plugin does not properly filter filetypes, which allows for the upload of filetypes in the following format:

filename.php.jpg

Vulnerable hosts will serve such files as a php file, allowing for malicious files to be uploaded and executed.

In creating the uploads folder for this plugin, the code utilizes uniqid to add a unique string to the upload folder name in order to better hide it from direct access.

Example:

/wp-content/uploads/feu_9fc12558ac71e6995808cfc590207e87/

However, many WordPress installations allow direct access to the /wp-content/uploads/ folder, so simply look for a folder name beginning with 'feu_' to locate your upload.

===================
Disclosure Timeline
===================

7/13/2012 - Vendor notified
7/23/2012 - Version 0.5.4.6 released
7/23/2012 - Public disclosure

Comments (1)

RSS Feed Subscribe to this comment feed
suspectt

thnx

Comment by suspectt
2012-07-27 08:27:53 UTC | Permalink | Reply
Login or Register to post a comment

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    6 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close