WordPress Import CSV 1.1 Directory Traversal

Posted on 30 November -0001

<HTML><HEAD><TITLE>WordPress Import CSV 1.1 Directory Traversal</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY># Exploit Title: Wordpress Import CSV | Directory Traversal
# Exploit Author: Wadeek
# Website Author: https://github.com/Wad-Deek
# Software Link: https://downloads.wordpress.org/plugin/xml-and-csv-import-in-article-content.zip
# Stable Tag: 1.1
# Tested on: Xampp on Windows7
  
[Version Disclosure]
======================================
/wp-content/plugins/xml-and-csv-import-in-article-content/readme.txt
======================================
  
[PoC]
======================================
Go to /wp-content/plugins/xml-and-csv-import-in-article-content/upload-process.php.
Click on the link "From an url".
In "URL" field to write "../../../wp-config.php".
Validate form and inspect the body.
======================================

</BODY></HTML>

TOP

Malware :

None in database

Last 20

Exploits :

Last 20