dil_bert

arbitrary file upload :: is this a vulnerability in WordPress


hello dear community, 


topic today: arbitrary file upload :: is this a vulnerability in WordPress


just recognized some folders in a fresh WordPress installation

see the following:

wp-contents/uploads/

/2016/
/2017/
/2018/
/2019/

NOTE. THE SITE WAS INSTALLED freshly IN summer 2019
i have had no installation before..
so what happened here ...!?

btw found some interesting reading on the net

well that looks interesting: "Arbitrary file upload vulnerability in WordPress User Submitted Posts .... curl http://example.com/wp-content/uploads/2019/04/script.php.gif ..."
https://www.pluginvulnerabilities.com/2018/01/29/arbitrary-file-upload-vulnerability-in-wordpress-forms/

Quote

 


The function that handles that, process_submition(), will save submitted files to the directory for the current year/month in the directory /wp-content/uploads/ with the following code:

// Resolves to wp-content/uploads/YYYY/MM and moves the upload there
// under the client-supplied file name, unchanged.
$upload_dir = wp_upload_dir();
move_uploaded_file( $_FILES[$key]['tmp_name'], $upload_dir['path'] . '/' . $_FILES[$key]['name'] );

The code does try to restrict .php files from being uploaded with the following code:

// 'type' is the Content-Type the client sent with the upload,
// not something derived from the file's contents.
if ( $_FILES[$key]['type'] == 'application/octet-stream' or $_FILES[$key]['type'] == 'application/x-httpd-php' )
    wp_die( "Error: For security reasons you can't upload application files!" );

That code isn't effective because the "type" value it checks is user specified, so a .php file could be uploaded with the type specified as something else and it will pass that check.

While this type of vulnerability is fairly likely to be exploited if hackers are aware of it, in the case of the website we were cleaning, the plugin was deactivated, so the vulnerability could not have been exploited.

 

question - is this anything serious that I have found!?

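As an added illustration (not code from the plugin, from the quoted blog post, or from this thread), here is the weak check the post describes next to a hardened handler that ignores the client-supplied type and hands the file to WordPress core's own upload functions. It assumes it runs inside WordPress (wp_check_filetype_and_ext, wp_handle_upload and WP_Error are core), and the allowed-type list is a constructed example.

```php
<?php
// Added example; assumes WordPress core is loaded. Not the plugin's code.

// Weak check as in the quoted post: $_FILES[...]['type'] is the Content-Type
// the client chose to send, so any value the client wants passes this.
function weak_type_check( array $file ) {
    return ! ( $file['type'] === 'application/octet-stream'
            || $file['type'] === 'application/x-httpd-php' );
}

// Hardened handling: never trust 'type', allow-list extensions/MIME types,
// let core sniff image content, and let wp_handle_upload() choose a
// sanitised, unique destination name instead of $_FILES[...]['name'].
function handle_user_upload( array $file ) {
    // Constructed allow-list; the key format is the one wp_check_filetype()
    // expects ("ext1|ext2" => mime). No script types are present.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
        'pdf'      => 'application/pdf',
    );

    if ( empty( $file['tmp_name'] ) || ! is_uploaded_file( $file['tmp_name'] ) ) {
        return new WP_Error( 'upload_failed', 'Not an uploaded file.' );
    }

    // Extension is checked against $allowed; for image types the real
    // content is inspected and a mismatch with an unlisted type is rejected.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        return new WP_Error( 'upload_forbidden', 'File type not permitted.' );
    }

    // wp_handle_upload() re-validates against 'mimes', runs the name through
    // sanitize_file_name() (which also neutralises intermediate extensions
    // such as the ".php" in "script.php.gif") and avoids name collisions.
    $result = wp_handle_upload( $file, array(
        'test_form' => false,
        'mimes'     => $allowed,
    ) );
    if ( isset( $result['error'] ) ) {
        return new WP_Error( 'upload_failed', $result['error'] );
    }

    // Absolute path inside wp-content/uploads/YYYY/MM
    return $result['file'];
}
```

Pair this with a web-server rule that refuses to execute PHP from the uploads directory, so a file that slips past the allow-list still cannot run as code.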

If the file was uploaded in 2016 then I doubt you're running a current version of WordPress.


hi there requinix

many thanks for the reply - sure thing - I have had a closer look at this.

I try to clear this up. Your ideas were very convincing. I take them into consideration.

greetings
