Home / os / winme

WordPress Import CSV 1.1 Directory Traversal

Posted on 30 November -0001

<HTML><HEAD><TITLE>WordPress Import CSV 1.1 Directory Traversal</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY># Exploit Title: Wordpress Import CSV | Directory Traversal # Exploit Author: Wadeek # Website Author: https://github.com/Wad-Deek # Software Link: https://downloads.wordpress.org/plugin/xml-and-csv-import-in-article-content.zip # Stable Tag: 1.1 # Tested on: Xampp on Windows7 [Version Disclosure] ====================================== /wp-content/plugins/xml-and-csv-import-in-article-content/readme.txt ====================================== [PoC] ====================================== Go to /wp-content/plugins/xml-and-csv-import-in-article-content/upload-process.php. Click on the link "From an url". In "URL" field to write "../../../wp-config.php". Validate form and inspect the body. ====================================== </BODY></HTML>

 

TOP