Exploit / Vulnerability Discovered: 2018-12-27
Type: webapps
Platform: php
This exploit / vulnerability, Wordpress plugin audio record 1.0 arbitrary file upload, is for educational purposes only; if you use it, you do so at your own risk!
# Unrestricted file upload in the record upload process, allowing an arbitrary file extension.
# File: recorder.php
# Vulnerable code:
function save_record_callback() {
    foreach (array('audio') as $type) {
        if (isset($_FILES["${type}-blob"])) {
# The uploaded file is stored in the standard WordPress media upload directory (e.g. /wp-content/uploads/year/month/).
# Even if directory listing is disabled, the file name can be guessed, because uniqid() is not cryptographically secure.
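For comparison, an added example (not the plugin's code) of how the same AJAX handler can be hardened against both issues above: an allowlist of audio types checked against the real file content, and a CSPRNG-based file name instead of uniqid(). The nonce name, AJAX action name and capability are assumptions; the WordPress functions used are standard core APIs.

```php
<?php
// Added example, not code from the audio record plugin.
// Hardened replacement for save_record_callback(): allowlisted audio types only,
// content-based type check, unpredictable file name.
function hardened_save_record_callback() {
    // Assumed nonce name and capability (the vulnerable excerpt shows neither).
    check_ajax_referer( 'save_record', 'nonce' );
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    if ( ! isset( $_FILES['audio-blob'] ) || $_FILES['audio-blob']['error'] !== UPLOAD_ERR_OK ) {
        wp_send_json_error( 'no file uploaded', 400 );
    }
    $file = $_FILES['audio-blob'];

    // Allowlist: extension => MIME type. Anything else (php, phtml, html, ...) is rejected.
    $allowed = array(
        'wav'  => 'audio/wav',
        'mp3'  => 'audio/mpeg',
        'ogg'  => 'audio/ogg',
        'webm' => 'audio/webm',
    );

    // Validate the declared extension against the allowlist and, where WordPress can
    // sniff it, against the actual content of the temp file.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'unsupported file type', 415 );
    }

    // Unpredictable name: 128 bits from the CSPRNG instead of the time-based uniqid().
    $file['name'] = bin2hex( random_bytes( 16 ) ) . '.' . $check['ext'];

    // wp_handle_upload() moves the file into wp-content/uploads/YYYY/MM/ and
    // re-checks the MIME allowlist passed in 'mimes'.
    $result = wp_handle_upload( $file, array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 500 );
    }
    wp_send_json_success( array( 'url' => $result['url'] ) );
}
add_action( 'wp_ajax_save_record', 'hardened_save_record_callback' );
```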