3 Replies - 244 Views - Last Post: 26 November 2019 - 10:14 AM

#1 sayhello

arbitrary file upload :: is this a vulnerability in WordPress

Posted 25 November 2019 - 01:19 AM


hello dear community, 


topic today: arbitrary file upload :: is this a vulnerability in WordPress


just recognized some folders in a fresh WordPress installation

see the following: 

 

wp-contents/uploads/

/2016/
/2017/
/2018/
/2019/



NOTE. THE SITE WAS INSTALLED freshly IN summer 2019
i have had no installation before..
so what happened here ...!?

btw found some interesting reading on the net


well that looks interesting: Arbitrary file upload vulnerability in WordPress User Submitted Posts .... curl http://example.com/w.../script.php.gif ...
https://www.pluginvulnerabilities.com/2018/01/29/arbitrary-file-upload-vulnerability-in-wordpress-forms/

Quote

The function that handles that, process_submition(), will save submitted files to the directory for the current year/month in the directory /wp-content/uploads/ with the following code:

$upload_dir = wp_upload_dir();
move_uploaded_file( $_FILES[$key]['tmp_name'], $upload_dir['path'] . '/' . $_FILES[$key]['name'] );
The code does try to restrict .php files from being uploaded with the following code:

if ( $_FILES[$key]['type'] == 'application/octet-stream' or $_FILES[$key]['type'] == 'application/x-httpd-php' )
    wp_die( "Error: For security reasons you can't upload application files!" );
That code isn’t effective because the “type” value it checks is user specified, so a .php file could be uploaded with the type specified as something else and it will pass that check.

While this type of vulnerability is fairly likely to be exploited if hackers are aware of it, in the case of the website we were cleaning, the plugin was deactivated, so the vulnerability could not have been exploited.

question - is this anything serious that i have found!? 



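An added example, not code from the plugin or from anyone in this thread, putting the quoted MIME-type test next to a check that only uses what the server can see (extension allowlist, no executable extension anywhere in the name, and content sniffing). It assumes the php CLI with the fileinfo extension; the upload arrays and files are constructed samples.

```php
<?php
// Added example, not code from the plugin or the forum thread. Stand-alone PHP
// (php CLI, needs the fileinfo extension): the plugin's MIME-type test beside a
// server-side check. The upload arrays and files below are constructed samples.

// What the plugin does: trusts $_FILES[...]['type'], a value the client sends.
function weak_check(array $file): bool
{
    return $file['type'] !== 'application/octet-stream'
        && $file['type'] !== 'application/x-httpd-php';
}

// Defensive check: ignore the declared type entirely. Require an allowlisted
// last extension, reject executable extensions anywhere in the name (covers
// "script.php.gif"), and require the sniffed content to match the extension.
function strict_check(array $file, array $allowed): bool
{
    $parts = explode('.', strtolower(basename($file['name'])));
    $ext = array_pop($parts);
    foreach ($parts as $segment) {
        if (in_array($segment, ['php', 'phtml', 'phar', 'php5', 'php7'], true)) {
            return false;
        }
    }
    if (!isset($allowed[$ext])) {
        return false;
    }
    $sniffed = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    return $sniffed === $allowed[$ext];
}

$allowed = ['gif' => 'image/gif', 'png' => 'image/png', 'jpg' => 'image/jpeg'];

// Constructed samples: a minimal real GIF, and PHP source with a forged type.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, "GIF89a\x01\x00\x01\x00\x00\x00\x00;");
$php = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($php, "<?php echo 'not an image';\n");
$uploads = [
    ['name' => 'photo.gif',      'type' => 'image/gif', 'tmp_name' => $gif],
    ['name' => 'script.php',     'type' => 'image/gif', 'tmp_name' => $php],
    ['name' => 'script.php.gif', 'type' => 'image/gif', 'tmp_name' => $php],
];
foreach ($uploads as $u) {
    printf("%-16s weak=%s strict=%s\n", $u['name'],
        weak_check($u) ? 'accept' : 'reject',
        strict_check($u, $allowed) ? 'accept' : 'reject');
}
unlink($gif); unlink($php);
```

The weak check accepts all three because the forged type passes; the strict check accepts only photo.gif. A real handler would also store the file under a server-generated name rather than the client's.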

Replies To: arbitrary file upload :: is this a vulnerability in WordPress

#2 ArtificialSoldier

Re: arbitrary file upload :: is this a vulnerability in WordPress

Posted 25 November 2019 - 08:28 AM

Are you using the specific plugin they're talking about? They say it was removed by the developer 5 years ago.

#3 sayhello

Re: arbitrary file upload :: is this a vulnerability in WordPress

Posted 26 November 2019 - 10:13 AM

hi there

good evening - no, i do not make use of any specific plugins - it is just a fresh install.

#4 ArtificialSoldier

Re: arbitrary file upload :: is this a vulnerability in WordPress

Posted 26 November 2019 - 10:14 AM

Then that vulnerability report doesn't apply to you; it's talking about a specific plugin.