| Title: Local File Inclusion Vulnerability in mypixs v0.3 WordPress plugin |
| Author: Larry W. Cashdollar, @_larry0 |
| Date: 2015-09-15 |
| CVE-ID: CVE-2015-1000012 |
| CWE: CWE-200 Information Leak / Disclosure |
| Download Site: https://wordpress.org/plugins/mypixs/ |
| Vendor: https://profiles.wordpress.org/tomb/ |
| Vendor Notified: 2015-09-16 |
| Vendor Contact: vendor supplied webform |
| Advisory: http://www.vapidlabs.com/advisory.php?v=154 |
| Description: MyPixs is a simple, yet powerful JavaScript and PHP application that gives you the possibility to display a lot of photos on your blog. |
| Vulnerability: Typical local file inclusion vulnerability:
from downloadpage.php:
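<?php
// "url" is read straight from the request (GET or POST via $_REQUEST)
$url = $_REQUEST["url"];
if ($url != "") {
    // The value reaches include() with no validation or path restriction
    include($url);
}
?>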
I've tried to get RCE but didn't have success reading from /proc/self/environ or /var/log/apache2/access.log.
|
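For defenders checking whether an exposed copy of downloadpage.php has been probed, the following added example (not part of the original advisory or the plugin) scans web access logs for requests that pass a non-empty url parameter to that script. It assumes Apache/nginx "combined" log format; the sample lines are constructed and /PLUGIN_PATH is a placeholder for wherever the plugin is installed.

```python
import re
from urllib.parse import urlsplit, parse_qs

SCRIPT = "downloadpage.php"  # the file named in the advisory

# Assumption: the web server writes "combined" format access logs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def classify(value):
    """Triage label only: any non-empty value is handed to include()."""
    if value.startswith("/"):
        return "absolute-path"
    if ".." in re.split(r"[\\/]", value):
        return "traversal"
    return "other"

def scan(lines):
    """Return one finding per non-empty url= value sent to SCRIPT."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        parts = urlsplit(m["target"])
        if not parts.path.lower().endswith("/" + SCRIPT):
            continue
        # parse_qs percent-decodes once and drops empty values, which
        # mirrors the script's own `$url != ""` guard.
        for value in parse_qs(parts.query).get("url", []):
            findings.append({"ip": m["ip"], "status": int(m["status"]),
                             "value": value, "kind": classify(value)})
    return findings

# Constructed sample lines; /PLUGIN_PATH is a placeholder, not the real path.
SAMPLE_LOG = [
    '198.51.100.7 - - [16/Sep/2015:10:01:02 +0000] "GET /PLUGIN_PATH/downloadpage.php?url=/proc/self/environ HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [16/Sep/2015:10:01:09 +0000] "GET /PLUGIN_PATH/downloadpage.php?url=%2Fvar%2Flog%2Fapache2%2Faccess.log HTTP/1.1" 200 90311 "-" "-"',
    '203.0.113.20 - - [16/Sep/2015:10:02:00 +0000] "GET /PLUGIN_PATH/downloadpage.php?url=..%2F..%2Fexample.txt HTTP/1.1" 200 20 "-" "-"',
    '203.0.113.20 - - [16/Sep/2015:10:03:00 +0000] "GET /PLUGIN_PATH/downloadpage.php?url= HTTP/1.1" 200 0 "-" "-"',
    '203.0.113.20 - - [16/Sep/2015:10:04:00 +0000] "GET /index.php?url=/proc/self/environ HTTP/1.1" 200 0 "-" "-"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["ip"], f["status"], f["kind"], f["value"])
```

Because the script reads $_REQUEST, the parameter can also arrive in a POST body, which an access log does not record, so a clean scan does not rule out abuse. Removing or patching the file remains the actual fix.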