Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtPanagiotis Vagenas1337DAY-ID-23701
HistoryJun 04, 2015 - 12:00 a.m.

WordPress zM Ajax Login & Register Plugin 1.0.9 Local File Inclusion Vulnerability

2015-06-0400:00:00
Panagiotis Vagenas
0day.today
39

0.083 Low

EPSS

Percentile

93.7%

JSON

Exploit for php platform in category web applications

# Exploit Title: CVE-2015-4153 - WordPress zM Ajax Login & Register
Plugin [Local File Inclusion]
# Date: 2015/06/01
# Exploit Author: Panagiotis Vagenas
# Contact: https://twitter.com/panVagenas
# Vendor Homepage: http://zanematthew.com/
# Software Link:
https://downloads.wordpress.org/plugin/zm-ajax-login-register.1.0.9.zip
# Version: 1.0.9
# Tested on: WordPress 4.2.2
# Category: webapps
# CVE: CVE-2015-4153
 
* Description
 
Any authenticated or non-authenticated user can perform a local file
inclusion attack by exploiting the wp_ajax_nopriv_load_template action.
Plugin simply includes the file specified in 'template' POST parameter
without any further validation.
 
* Proof of Concept
 
Send a post request to
`http://my.vulnerable.website.com/wp-admin/admin-ajax.php` with data:
`action=load_template&template=[relative path to local
file]&security=[wp nonce]&referer=[action from which the nonce came from]`
 
* Timeline
 
2015/06/01 Discovered
2015/06/01 Vendor alerted via contact form at his website
2015/06/03 Vendor responded
2015/06/03 Fixed in version 1.1.0
 
 
* Solution
 
Update to version 1.1.0

#  0day.today [2018-01-09]  #

Related

patchstack 1
prion 1
packetstorm 1
exploitpack 1
cve 1
securityvulns 2
wpvulndb 1
exploitdb 1
nessus 1
openvas 1
gentoo 1
patchstack
patchstack
WordPress ZM Ajax Login & Register Plugin 1.0.9 - Local File Inclusion
2015-06-04 00:00:00
prion
prion
Directory traversal
2015-06-10 18:59:00
packetstorm
packetstorm
WordPress zM Ajax Login Register 1.0.9 Local File Inclusion
2015-06-05 00:00:00
exploitpack
exploitpack
WordPress Plugin zM Ajax Login Register 1.0.9 - Local File Inclusion
2015-06-04 00:00:00
cve
cve
CVE-2015-4153
2015-06-10 18:59:00
securityvulns
securityvulns
CVE-2015-4153 - WordPress zM Ajax Login & Register Plugin [Local File Inclusion]
2015-06-08 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2015-06-08 00:00:00
wpvulndb
wpvulndb
zM Ajax Login & Register 1.0.9 - Local File Inclusion & XSS
2015-06-04 00:00:00
exploitdb
exploitdb
WordPress Plugin zM Ajax Login & Register 1.0.9 - Local File Inclusion
2015-06-04 00:00:00
nessus
nessus
GLSA-201512-10 : Mozilla Products: Multiple vulnerabilities (Bar Mitzvah) (Logjam)
2016-01-04 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201512-10
2015-12-31 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-12-30 00:00:00

0.083 Low

EPSS

Percentile

93.7%

JSON
Related for 1337DAY-ID-23701
patchstack1prion1packetstorm1exploitpack1cve1securityvulns2wpvulndb1exploitdb1nessus1openvas1gentoo1