WordPress WP File Manapger plugin version 1.9 suffers from a server-side request forgery vulnerability.
7cd2292455e743a0f998658cc8d5ad82[+] Exploit Title ; Wordpress wp File Manager plugin SSRF/XSPA Vulnerability
[+] Date : 2017-01-12
[+] Author : 0P3N3R From IRANIAN ETHICAL HACKERS
[+] Vendor Homepage : https://wordpress.org/plugins/wp-file-manager/
[+] Version : 1.9
[+] Dork : N/A
[+] Tested On : windows 10 - kali linux 2.0
[+] Contact : https://telegram.me/WebServer
[+] poc :
[!] Go to the File Manager section So you can upload the file.
[!] You can upload files through a link and a computer
[!] Insert a link in the box instead of drag and drop
a [!] In this vulnerability, we only use port scanning
[!] If you use the following payload, you can see the server SSH version
[!] For View Results,Right Click on uploaded file and select preview. Now
you can see ssh version
[+] For Ex :
[!] http://localhost:port(for Ex :22)/YourFile.jpg
[+] ScreenShot :
[!] http://s6.uplod.ir/i/00908/o78hj8pp1i9u.png
[+] Video :
[!] https://www.youtube.com/watch?v=WI_K9l55f88&feature=youtu.be
[+] Exploitation Technique:
[!] Local
[+] Severity Level:
[!] Medium