Release date:
Updated on:
Affected Systems:
WordPress SB Uploader 3.9
Description:
--------------------------------------------------------------------------------
Bugtraq id: 57074
SB Uploader is a simple plug-in that uploads images and attaches them to post content.
WordPress SB Uploader contains an arbitrary file upload vulnerability. wp-content/plugins/sb-uploader/sb_uploader.php does not verify the type or extension of uploaded files. By submitting a PHP script in place of an image and then requesting it from the uploads directory, an attacker can have the web server execute arbitrary PHP code.
<* Source: edevil aXe
Link: http://packetstormsecurity.com/files/119159/wpsbuploader39-shell.txt
http://www.securelist.com/en/advisories/48076
*>
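The check the description says sb_uploader.php lacks, as an added example that is not the plugin's code (the plugin's own source is not reproduced in this advisory): a Python validator that accepts only allowlisted image extensions whose content opens with the expected magic bytes, rejects names that carry a PHP-executable segment anywhere (shell.php.jpg), and stores the file under a server-chosen name. The function and constant names are assumptions made for this illustration.

```python
import os
import secrets

# Allowlist for an image uploader: extension -> magic bytes the content must
# start with. Constructed for this illustration; it is not the plugin's code.
ALLOWED_IMAGE_TYPES = {
    "jpg":  (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png":  (b"\x89PNG\r\n\x1a\n",),
    "gif":  (b"GIF87a", b"GIF89a"),
}

# Extensions that common PHP server setups hand to the interpreter. Apache's
# mod_mime honours them in any dotted segment, so "shell.php.jpg" must fail too.
PHP_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps"}


def validate_upload(filename, data):
    """Return (accepted, reason) for a candidate upload.

    Accepts only a file whose last extension is allowlisted, whose content
    opens with that type's magic bytes, and whose name has no PHP segment.
    """
    base = os.path.basename(filename.replace("\\", "/"))
    segments = base.lower().split(".")
    if len(segments) < 2 or not segments[0]:
        # "noext" or ".htaccess": no usable extension, or a dotfile that could
        # change how the server treats the directory.
        return False, "missing or empty extension"
    if PHP_EXTENSIONS.intersection(segments[1:]):
        return False, "PHP-executable extension segment"
    ext = segments[-1]
    if ext not in ALLOWED_IMAGE_TYPES:
        return False, "extension %r not allowlisted" % ext
    if not any(data.startswith(magic) for magic in ALLOWED_IMAGE_TYPES[ext]):
        return False, "content does not match %r magic bytes" % ext
    if b"<?php" in data or b"<?=" in data:
        # Valid image header with PHP inside: not executable by itself, but
        # reject it so a later include/LFI bug cannot turn it into code.
        return False, "PHP open tag inside image data"
    return True, "ok"


def stored_name(filename):
    """Server-chosen on-disk name for an upload that passed validate_upload():
    a random token plus the allowlisted extension, so the client never controls
    the path or the extension that is written."""
    ext = filename.lower().rsplit(".", 1)[-1]
    return "%s.%s" % (secrets.token_hex(8), ext)
```

The extension allowlist and the magic-byte check are both needed: the first keeps the interpreter away from the file, the second keeps a renamed script from being accepted as an image and served back later.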
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!
The following test method is provided:
PoC: localhost/wp-content/uploads/2012/12/cOol.htm
WordPress stores uploads under wp-content/uploads/<year>/<month>/ by default, so a file accepted by the plug-in can be requested directly from that path with the name it was uploaded under.
Suggestion:
--------------------------------------------------------------------------------
Temporary solution:
If you cannot install a patch or upgrade immediately, NSFOCUS recommends the following measures to reduce the threat:
* Disable the WordPress SB Uploader plug-in
Disabling the plug-in does not remove files that were already uploaded; anything under wp-content/uploads/ that is not an image should be treated as suspect and reviewed.
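As an added example (not part of the NSFOCUS advisory or the plug-in), the following Python script walks a wp-content/uploads tree and flags files with PHP-executable extension segments, server control files such as .htaccess that can remap other extensions to PHP, and files of any extension whose content carries a PHP open tag. demo_scan() builds a constructed sample tree (file names and contents invented here, laid out like the PoC path) and scans it. The function names, the extension list and the sample data are assumptions for this illustration.

```python
import os
import tempfile

# Extensions that common PHP server setups execute. Apache's mod_mime applies
# them to any dotted segment, so "img.php.jpg" is flagged as well.
PHP_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps"}

# A .htaccess or php.ini dropped into uploads can remap .htm or .jpg to PHP,
# so a .htm file like the one in the PoC path is not harmless because of its extension.
CONTROL_FILES = {".htaccess", ".user.ini", "php.ini"}

PHP_OPEN_TAGS = (b"<?php", b"<?=", b"<script language=\"php\"")


def classify_file(path, head_bytes=65536):
    """Return the reasons a file under uploads looks like a dropped script, or []."""
    reasons = []
    name = os.path.basename(path).lower()
    if name in CONTROL_FILES:
        reasons.append("server control file in uploads")
    if PHP_EXTENSIONS.intersection(name.split(".")[1:]):
        reasons.append("PHP-executable extension segment")
    try:
        with open(path, "rb") as fh:
            head = fh.read(head_bytes)
    except OSError:
        return reasons
    if any(tag in head for tag in PHP_OPEN_TAGS):
        reasons.append("PHP open tag in content")
    return reasons


def scan_uploads(root):
    """Walk an uploads tree and map each suspicious file (path relative to root,
    '/'-separated) to its list of reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            reasons = classify_file(full)
            if reasons:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings[rel] = reasons
    return findings


# Constructed sample tree mirroring the PoC layout (year/month). The file
# names and contents are invented for this example, not recovered from the wild.
SAMPLE_FILES = {
    "2012/12/photo.jpg":   b"\xff\xd8\xff\xe0" + b"\x00" * 32,
    "2012/12/cOol.htm":    b"<html><?php system($_GET['c']); ?></html>",
    "2012/12/img.php.jpg": b"\xff\xd8\xff\xe0",
    "2012/12/shell.php":   b"<?php eval($_POST['x']); ?>",
    "2012/.htaccess":      b"AddType application/x-httpd-php .htm\n",
}


def demo_scan():
    """Write SAMPLE_FILES into a temporary directory, scan it, return findings."""
    with tempfile.TemporaryDirectory() as root:
        for rel, content in SAMPLE_FILES.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(content)
        return scan_uploads(root)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else None
    results = scan_uploads(target) if target else demo_scan()
    for rel, why in sorted(results.items()):
        print("%s: %s" % (rel, "; ".join(why)))
```

Run it with the real uploads directory as the argument (for example `python scan_uploads.py /var/www/html/wp-content/uploads`); without an argument it scans the constructed sample tree. A hit on the content check with an innocent-looking extension is the case to look at first, since that is the shape of the PoC file.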
Vendor patch:
WordPress
---------
Currently, the vendor has not released a patch or upgrade. Users of this software are advised to watch the vendor's homepage for the latest version:
http://wordpress.org/extend/plugins/sb-uploader/