Full Disclosure mailing list archives
New exploit for new vulnerability in WordPress Plugin + tutorial
From: "Diego" <diego () diegoceldran es>
Date: Mon, 16 Jan 2017 15:17:13 +0100
Hi guys. I fount a new vulnerabiliti in a wordpress plugin called: Direct Download for WooCommerce. This vulnerability allow you make an Remote LFI download, so, we can download any in the server where were running this plugin, I fount this vulnerability the last week and I reported this to Kameleon but i dont know if this bug is partched right now in a new versión. Ive been written an exploit to this plugin in Python. This exploit allow you: - Test if the plugin exists in the server. - Download any file from the server where the WordPress plugin is running. - Select any option by default or make your own personalized download. I published this exploit in my website today, here youve got the direct link: http://www.diegoceldran.es/producto/remote-lfi-for-direct-download-for-wooco mmerce-up-to-v1-15/ Thanks for all! -------- UPDATE -------- To see an completly tutorial about how to use this exploit youve got it in: http://www.diegoceldran.es/how-to-use-exploit-remote-lfi-for-direct-download -for-woocommerce-up-to-v1-15/ _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- New exploit for new vulnerability in WordPress Plugin + tutorial Diego (Jan 17)