
Monday, July 13, 2015

[FD] Remote file download vulnerability in Wordpress Plugin image-export v1.1

Title: Remote file download vulnerability in Wordpress Plugin image-export v1.1
Author: Larry W. Cashdollar, @_larry0
Date: 2015-07-01
Download Site: http://ift.tt/1fDXcVS
Vendor: www.1efthander.com
Vendor Notified: 2015-07-05
Vendor Contact: https://twitter.com/1eftHander

Description: Image Export plugin can help you selectively download images uploaded by an administrator.

Vulnerability: The code in file download.php doesn't do any checking that the user is requesting files from the uploaded images directory only, and line 8 attempts to unlink the file after it has been downloaded. This script could be used to delete files out of the WordPress directory if file permissions allow.

CVEID: TBD

Exploit Code:
  $ curl http://ift.tt/1O2feeX

Screen Shots:

Advisory: http://ift.tt/1M2GtYp
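The two defects the advisory describes (no check that the requested path stays inside the image upload directory, and deleting the file after serving it) are both fixed by the handler below. This is an added example written for this page, not the plugin's own download.php and not code from the advisory; the directory name, the function names and the allowed extension list are assumptions, and a real WordPress plugin would take the base directory from wp_upload_dir() and gate the request behind a capability check such as current_user_can('upload_files').

```php
<?php
// Added example: a download handler confined to one base directory.
// Not the image-export plugin's code; names and paths are assumptions.

/**
 * Resolve a user-supplied file name to an absolute path inside $base_dir,
 * or return null if the request must be refused.
 */
function resolve_allowed_file(string $base_dir, string $requested): ?string
{
    $base = realpath($base_dir);
    if ($base === false) {
        return null; // base directory missing or unreadable
    }

    // Only bare file names are accepted: no subdirectories, no "..", no empty name.
    if ($requested === '' || basename($requested) !== $requested) {
        return null;
    }

    // realpath() resolves symlinks and ".." components, so the prefix check
    // below compares the real location, not the string the client sent.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    if (strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null; // resolved outside the base directory
    }

    // Serve only image types (assumed allow-list).
    $ext = strtolower(pathinfo($candidate, PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
        return null;
    }
    return $candidate;
}

/**
 * Stream the file to the client. The file is never unlinked here; the
 * delete-after-download step from the advisory is deliberately absent.
 */
function serve_image(string $base_dir, string $requested): bool
{
    $path = resolve_allowed_file($base_dir, $requested);
    if ($path === null) {
        http_response_code(404);
        return false;
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . (string) filesize($path));
    readfile($path);
    return true;
}

// Constructed demo (CLI only): one real image file in a temporary directory,
// then a few request values to show which are accepted.
if (PHP_SAPI === 'cli') {
    $dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'image-export-demo';
    if (!is_dir($dir)) {
        mkdir($dir);
    }
    file_put_contents($dir . DIRECTORY_SEPARATOR . 'photo.png', "\x89PNG demo");
    file_put_contents(dirname($dir) . DIRECTORY_SEPARATOR . 'outside.png', 'not served');

    foreach (['photo.png', '../outside.png', 'sub/photo.png', 'photo.txt', ''] as $req) {
        $r = resolve_allowed_file($dir, $req);
        printf("%-18s => %s\n", var_export($req, true), $r === null ? 'rejected' : 'ok');
    }
    // Expected: only 'photo.png' => ok; every other request => rejected.
}
```

The basename() test alone would already stop traversal strings, but the realpath() prefix check is what protects against symlinks placed inside the upload directory, so both are kept. Keeping serve_image() free of any unlink() call removes the file-deletion side effect entirely rather than trying to make it safe.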

Source: Gmail -> IFTTT -> Blogger
