Jump to content
KhiZaRix

WordPress Aspose PDF Exporter File Download

By KhiZaRix, in Exploituri

Recommended Posts

KhiZaRix Newbie

KhiZaRix

Posted
Posted

Exploit Title : Wordpress Aaspose-pdf-exporter Plugin File Download

Vulnerability

Exploit Author : Ashiyane Digital Security Team

Vendor Homepage: https://wordpress.org/plugins/aspose-pdf-exporter/

Download Link : https://downloads.wordpress.org/plugin/aspose-pdf-exporter.zip

Date : 28 / 3 / 2015

Tested On : windows 8.1 + linux Kali

#########################################

#########################################

~ ~ ~~ ~ ~~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~~~~~~~~ ~~~~>

Exploit: |

| [+] Vulnerable file :

404 Not Found

~ ~ ~~ ~ ~~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~~~~~~~~ ~~~~>

Vulnerable Code :

<?php

$file = $_GET['file'];

$file_arr = explode('/',$file);

$file_name = $file_arr[count($file_arr) - 1];

header ("Content-type: octet/stream");

header ("Content-disposition: attachment; filename=".$file_name.";");

header("Content-Length: ".filesize($file));

readfile($file);

exit;

?>

404 Not Found[File

Address]

Examples :

404 Not Found

#########################################

#########################################

Discovered by : Rq07

#########################################

Source: http://dl.packetstormsecurity.net/1503-exploits/wpaspose-disclose.txt

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...