0day vuln – Remote file upload in UserPro – User Profiles with Social Login

January 15, 2014 5:28 am 0 comments

Found 0day vulnerability in UserPro

http://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681

Details will follow once the vendor fixes the issue.

Update:

check userupload/lib/fileupload/fileupload.php
 
geniuses

This function takes “userpro_file” from $_FILES and simply moves it to wp-content/uploads/userpro/..
There are no security checks whatsoever, so a malicious user can upload ANYTHING to the server.
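For contrast, here is what a hardened version of such a handler looks like inside WordPress. This is an added example, not UserPro's code; the hook name, nonce name and the image-only whitelist are assumptions.

```php
<?php
// Added example: hardened replacement for a handler that moves
// $_FILES['userpro_file'] straight into uploads with no checks.
// NOT the plugin's code; hook, nonce and option names are hypothetical.
// Assumes it runs inside WordPress (wp_* functions available).

// Only the image types a profile upload legitimately needs (assumed list).
function userpro_example_allowed_mimes() {
    return array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
    );
}

function userpro_example_handle_upload() {
    // 1. Authentication / authorisation: anonymous or unprivileged users
    //    must not reach the upload path at all (wp_send_json_error exits).
    if ( ! is_user_logged_in() || ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'not allowed' );
    }
    // 2. CSRF: require a nonce bound to this action (field name assumed).
    check_ajax_referer( 'userpro_example_upload', '_userpro_nonce' );

    if ( empty( $_FILES['userpro_file'] )
        || ! is_uploaded_file( $_FILES['userpro_file']['tmp_name'] ) ) {
        wp_send_json_error( 'no file' );
    }
    $file = $_FILES['userpro_file'];

    // 3. Server-side type check: core validates extension AND real content
    //    against the whitelist; the client-supplied $file['type'] is ignored.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'],
                                        userpro_example_allowed_mimes() );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'file type not permitted' );
    }

    // 4. Never keep the user-chosen name: a random name plus the verified
    //    extension removes traversal and double-extension tricks.
    $file['name'] = wp_generate_password( 24, false ) . '.' . $check['ext'];

    // 5. Let core move the file (size limits, unique names, upload dir);
    //    test_form=false because this is not a standard form post.
    $moved = wp_handle_upload( $file, array(
        'test_form' => false,
        'mimes'     => userpro_example_allowed_mimes(),
    ) );
    if ( isset( $moved['error'] ) ) {
        wp_send_json_error( $moved['error'] );
    }
    wp_send_json_success( array( 'url' => $moved['url'] ) );
}
add_action( 'wp_ajax_userpro_example_upload', 'userpro_example_handle_upload' );
```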

P.S. How the hell did it get ~700 purchases with such code?
