Hi guys. I fount a new vulnerabiliti in a wordpress plugin called: Direct Download for WooCommerce. This vulnerability allow you make an Remote LFI download, so, we can download any in the server where were running this plugin, I fount this vulnerability the last week and I reported this to Kameleon but i dont know if this bug is partched right now in a new versión. Ive been written an exploit to this plugin in Python. This exploit allow you: - Test if the plugin exists in the server. - Download any file from the server where the WordPress plugin is running. - Select any option by default or make your own personalized download. I published this exploit in my website today, here youve got the direct link: http://ift.tt/2iC3k1v mmerce-up-to-v1-15/ Thanks for all!
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment