In that case, I don’t think your site has been successfully compromised (from what I’ve seen) as the plugin would have allowed that file to be uploaded under normal conditions. That was probably just the hacker trying to figure out how filetypes were detected.
My site was hacked and the plugin was the entryway for a JavaScript upload. I did update to 0.71, but not before the hack unfortunately. I missed the update.
Description:
A vulnerability has been discovered in the Easy Comment Uploads plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to the wp-content/plugins/easy-comment-uploads/upload.php script not properly verifying uploaded file types. This can be exploited to upload a PHTML file and execute arbitrary PHP code.
Here is the advisory link http://secunia.com/advisories/45959/.
I have the script that was uploaded if anyone wants to see it.
It’s a great plugin for uploading pics! I have been hacked 2 times so far by using it on the prior version. I hope VER 0.71 will correct this. I am still running the plugin. I will know soon enough.
@slgearin
Thanks for bearing with me. Version 0.71 has switched from using blacklists to whitelists so issues of this kind should hopefully be much less likely in the future.
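
The blacklist-to-whitelist change described in the reply above, sketched as an added example. It is not the plugin's code: the function names, the extension lists and the sample file names are all constructed for illustration.

```php
<?php
// Added illustration; not the Easy Comment Uploads source.
// Both extension lists below are assumptions, not the plugin's real lists.

// Denylist check: rejects only the extensions someone remembered to list.
function denylist_allows(string $filename, array $blocked): bool {
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return !in_array($ext, $blocked, true);
}

// Allowlist check: accepts only known-good extensions. It also requires
// exactly one extension (a deliberately strict choice), so a name cannot
// carry a second, executable one in front of the image extension.
function allowlist_allows(string $filename, array $allowed): bool {
    $name = basename($filename);
    // Refuse empty names and names containing control characters or NUL.
    if ($name === '' || preg_match('/[\x00-\x1f]/', $name)) {
        return false;
    }
    $parts = explode('.', strtolower($name));
    if (count($parts) !== 2 || $parts[0] === '') {
        return false;
    }
    return in_array($parts[1], $allowed, true);
}

$blocked = ['php', 'php5', 'exe', 'js'];   // assumed denylist, missing phtml
$allowed = ['jpg', 'jpeg', 'png', 'gif'];  // assumed allowlist for image uploads

// Constructed sample names, as they might arrive from an upload form.
$samples = ['holiday.jpg', 'notes.php', 'notes.phtml', 'notes.PHTML',
            'image.phtml.jpg', 'noext'];

foreach ($samples as $name) {
    printf("%-16s denylist=%-6s allowlist=%s\n", $name,
        denylist_allows($name, $blocked) ? 'accept' : 'reject',
        allowlist_allows($name, $allowed) ? 'accept' : 'reject');
}
```

With these assumed lists the denylist accepts the `.phtml` names because nobody listed that extension, while the allowlist refuses everything that is not a single-extension image name.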