Hi guys. I foun’t a new vulnerabiliti in a wordpress plugin called: “Direct Download for WooCommerce”. This vulnerability allow you make an Remote LFI download, so, we can download any in the server where we’re running this plugin, I foun’t this vulnerability the last week and I reported this to Kameleon but i don’t know if this bug is partched right now in a new versión. I’ve been written an exploit to this plugin in Python. This exploit allow you: - Test if the plugin exists in the server. - Download any file from the server where the WordPress plugin is running. - Select any option by default or make your own personalized download. I published this exploit in my website today, here you’ve got the direct link: http://ift.tt/2iC3k1v mmerce-up-to-v1-15/ Thanks for all!
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment