dil_bert Posted November 25, 2019 Share Posted November 25, 2019 hello dear community, topic today: arbitrary file upload :: is this a vulnerability in WordPress just recognized some folders in a freshly wordpress-installation see the following: wp-contents/uploads/ /2016/ /2017/ /2018/ /2019/ NOTE. THE SITE WAS INSTALLED freshliy IN summer 2019 i have had no installation before.. so what happend here ...!?` btw found some interesting reading on the net well that looks interesting Arbitrary file upload vulnerability in WordPress User Submitted Posts .... curl http://example.com/wp-content/uploads/2019/04/script.php.gif ...</blockquote>https://www.pluginvulnerabilities.com/2018/01/29/arbitrary-file-upload-vulnerability-in-wordpress-forms/ Quote The function that handles that, process_submition(), will save submitted files to the directory for the current year/month in the directory /wp-content/uploads/ with the following code: 362 363 $upload_dir = wp_upload_dir(); move_uploaded_file( $_FILES[$key]['tmp_name'], $upload_dir['path'] . '/' . $_FILES[$key]['name'] ); The code does try to restrict .php files from being uploaded with the following code: 358 359 if ( $_FILES[$key]['type'] == 'application/octet-stream' or $_FILES[$key]['type'] == 'application/x-httpd-php' ) wp_die( "Error: For security reasons you can't upload application files!" ); That code isn’t effective because the “type” value it checks is user specified, so a .php file could be uploaded with the type specified as something else and it will pass that check. While this type of vulnerability is fairly likely to be exploited if hackers are aware of it, in the case of the website we were cleaning, the plugin was deactivated, so the vulnerability could not have been exploited. question - is this anything serious that i have found!? Quote Link to comment https://forums.phpfreaks.com/topic/309575-arbitrary-file-upload-is-this-a-vulnerability-in-wordpress/ Share on other sites More sharing options...
requinix Posted November 25, 2019 Share Posted November 25, 2019 If the file was uploaded in 2016 then I doubt you're running a current version of WordPress. Quote Link to comment https://forums.phpfreaks.com/topic/309575-arbitrary-file-upload-is-this-a-vulnerability-in-wordpress/#findComment-1571879 Share on other sites More sharing options...
dil_bert Posted December 1, 2019 Author Share Posted December 1, 2019 hi there requinix many thanks for the reply - sure thing - i have had a closer look at this. i try to clear this up. Your ideas were very convincing. i take them into consideration. greetings Quote Link to comment https://forums.phpfreaks.com/topic/309575-arbitrary-file-upload-is-this-a-vulnerability-in-wordpress/#findComment-1572073 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.