[wp-forums] Themes being Attacked

Otto otto at ottodestruct.com
Thu Dec 5 00:59:49 UTC 2013


On Wed, Dec 4, 2013 at 6:45 PM, Mika A Epstein <ipstenu at ipstenu.org> wrote:

> So far as I can tell, none of these are on wp.org and I'm going to try
> and scan the plugins for the file, but if anyone HAS a copy of the files,
> we'll be able to see what content is bad and needs fixing :)
>

I found a copy of it. This is the upload-handler.php file. Yes, it's
horrible and allows one to simply upload whatever the hell you want into
the uploads directory with no safety checks of any kind. Note that the
theme I found with this also had a copy of the vulnerable timthumb.php in
it. Not that you need to "exploit" anything with this in there.

The quick fix is to just delete this file.



<?php
// find wp-load.php (walk up to eight directory levels)
$wpLoad = 'wp-load.php';
for ($i = 0; $i < 8; $i++) {
    if (file_exists($wpLoad)) {
        require_once($wpLoad);
        break;
    }
    $wpLoad = '../'.$wpLoad;
}

// get upload path
$wpUploadDir = wp_upload_dir();
define("BFI_UPLOADPATH", $wpUploadDir['path'] . '/');

// No login, capability, or nonce check anywhere below: anyone who can reach
// this file can upload. basename() stops directory traversal, but nothing
// checks the extension or type, so a .php file lands in the uploads dir as-is.
$uploaddir = BFI_UPLOADPATH;
$uploadname = basename($_FILES['uploadfile']['name']);
$uploadname = str_ireplace(" ", "_", $uploadname);

if(file_exists($uploaddir.$uploadname)) {
    $uploadname = time().$uploadname;
}

$uploadfile = $uploaddir.$uploadname;

if (move_uploaded_file($_FILES['uploadfile']['tmp_name'], $uploadfile)) {
    echo $uploadname;
} else {
    // WARNING! DO NOT USE "FALSE" STRING AS A RESPONSE!
    // Otherwise onSubmit event will not be fired
    echo "error";
}
-Otto
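For comparison, here is what a handler doing the same job would have to look like to be safe to leave on a site. This is an added example, not Otto's code and not from any theme: it keeps the original's wp-load.php bootstrap and the `uploadfile` form field, but refuses unauthenticated and cross-site requests and delegates the actual file handling to WordPress's own `wp_handle_upload()`, which enforces the allowed-type list. The nonce field and action name (`_bfi_nonce`, `bfi_upload`) are made up for the example; the form posting to this file would need a matching `wp_nonce_field('bfi_upload', '_bfi_nonce')`.

```php
<?php
// Hardened upload handler (added example, not the theme's upload-handler.php).
// Assumes it is deployed inside a WordPress install, like the original, and
// that the posting form includes wp_nonce_field('bfi_upload', '_bfi_nonce').

// Bootstrap WordPress the same way the original did, but bail out if it fails
// instead of continuing and calling undefined functions.
$wpLoad = 'wp-load.php';
$loaded = false;
for ($i = 0; $i < 8; $i++) {
    if (file_exists($wpLoad)) {
        require_once $wpLoad;
        $loaded = true;
        break;
    }
    $wpLoad = '../' . $wpLoad;
}
if (!$loaded || !function_exists('wp_upload_dir')) {
    http_response_code(500);
    exit('error');
}

// 1. Uploads are state-changing: only accept POST.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('error');
}

// 2. Require a logged-in user who holds the capability WordPress itself uses
//    to gate the media uploader. Anonymous visitors get nothing.
if (!is_user_logged_in() || !current_user_can('upload_files')) {
    http_response_code(403);
    exit('error');
}

// 3. Require a nonce bound to this action so another site cannot make a
//    logged-in editor's browser upload on their behalf (CSRF).
//    '_bfi_nonce' / 'bfi_upload' are names invented for this example.
if (!isset($_POST['_bfi_nonce'])
    || !wp_verify_nonce($_POST['_bfi_nonce'], 'bfi_upload')) {
    http_response_code(403);
    exit('error');
}

// 4. Make sure a file actually arrived and PHP reported no upload error.
if (empty($_FILES['uploadfile'])
    || !isset($_FILES['uploadfile']['error'])
    || $_FILES['uploadfile']['error'] !== UPLOAD_ERR_OK) {
    http_response_code(400);
    exit('error');
}

// 5. Let WordPress handle the file. wp_handle_upload() checks the MIME type
//    and extension against the site's allowed list (wp_check_filetype_and_ext),
//    refuses anything else (.php, .phtml, ...), generates a sanitized unique
//    filename, and uses move_uploaded_file() under the hood. 'test_form' is
//    false because the nonce above already proves this is our form.
require_once ABSPATH . 'wp-admin/includes/file.php';
$result = wp_handle_upload($_FILES['uploadfile'], array('test_form' => false));

if (!is_array($result) || isset($result['error'])) {
    http_response_code(400);
    exit('error');
}

// 6. Echo only the final base name, as the original did, never the full path.
echo esc_html(basename($result['file']));
```

Even with a handler like this in place, the uploads directory should not be able to execute PHP at all (a rule in the web server config denying `.php` under wp-content/uploads), so that a bug in any one upload path does not turn straight into code execution. And none of this changes the quick fix above: if a theme ships the original file, delete it.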