KhiZaRix Posted March 31, 2015 Report Posted March 31, 2015 (edited) |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |-------------------------------------------------------------------------| | [+] Exploit Title: Wordpress aspose-doc-exporter Plugin Arbitrary File Download Vulnerability | | [+] Exploit Author: Ashiyane Digital Security Team | | [+] Vendor Homepage : https://wordpress.org/plugins/aspose-doc-exporter/developers/ | [+] Download Link : https://downloads.wordpress.org/plugin/aspose-doc-exporter.zip | [+] Tested on: Windows,Linux | | [+] Discovered By : ACC3SS |-------------------------------------------------------------------------| | [+] Exploit: | | [+] Vulnerable file : 404 Not Found | | [+] Vulnerable Code :<?php$file = $_GET['file'];$file_arr = explode('/',$file);$file_name = $file_arr[count($file_arr) - 1];header ("Content-type: octet/stream");header ("Content-disposition: attachment; filename=".$file_name.";");header("Content-Length: ".filesize($file));readfile($file);exit;?> | [+] 404 Not Found[File Address] | [+] | [+] Examples : 404 Not Found |-------------------------------------------------------------------------| |*||*||*||*||*||*||*||*||*||*||*||*||*Source: http://dl.packetstormsecurity.net/1503-exploits/wpasposede-disclose.txtEdit: Cer ca postul acesta s? fie ?ters dac? se poate , originally posted by Aerosol : https://rstforums.com/forum/99636-wordpress-aspose-doc-exporter-plugin-1-0-arbitrary-file-download-vulnerability.rst Edited March 31, 2015 by KhiZaRix Quote
.thumb.jpg.29b1f7ae7dd9ad5a11e41a710722ba35.jpg)