-
Notifications
You must be signed in to change notification settings - Fork 13.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Wordpress: Duplicator plugin - unauthenticated arbitrary file read #14497
Conversation
Duplicator 1.3.24 & 1.3.26 - Unauthenticated Arbitrary File Download
Duplicator 1.3.24 & 1.3.26 - Unauthenticated Arbitrary File Download
Duplicator 1.3.24 & 1.3.26 - Unauthenticated Arbitrary File Download
@h00die . Hi. My code was uploaded 8 hours ago but has not been included in TravisCI |
Travis is running slow lately, it will run the pull request eventually 😄 This other pull request #14495 is investigating the use of Github actions as an alternative to using Travis, but that won't impact this pull request 👍 |
Thank you! In the meantime, I am writing new modules (^^!) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would recommend running through msftidy, msftidy_docs, and rubocop
documentation/modules/auxiliary/scanner/http/wp_duplicator_file_read.md
Outdated
Show resolved
Hide resolved
documentation/modules/auxiliary/scanner/http/wp_duplicator_file_read.md
Outdated
Show resolved
Hide resolved
documentation/modules/auxiliary/scanner/http/wp_duplicator_file_read.md
Outdated
Show resolved
Hide resolved
documentation/modules/auxiliary/scanner/http/wp_duplicator_file_read.md
Outdated
Show resolved
Hide resolved
Hi. @h00die . Thanks for your enthusiastic help. I will correct everything according to your suggestion ! |
documentation/modules/auxiliary/scanner/http/wp_duplicator_file_read.md
Outdated
Show resolved
Hide resolved
documentation/modules/auxiliary/scanner/http/wp_duplicator_file_read.md
Outdated
Show resolved
Hide resolved
@h00die. I corrected everything!!!. Sorry for not doing well |
no worries, its a learning experience!!! |
documentation/modules/auxiliary/scanner/http/wp_duplicator_file_read.md
Outdated
Show resolved
Hide resolved
rubocop and minor adjustments
Dear @h00die . I merged . Thanks a bunch! |
Thanks for the contribution @suncsr ! |
Release NotesNew auxiliary module |
Description
This module exploits an unauthenticated directory traversal vulnerability in WordPress plugin "Duplicator" plugin version 1.3.24-1.3.26, allowing arbitrary file read with the web server privileges.
This vulnerability was being actively exploited when it was discovered.
Verification Steps
Confirm that functionality works:
msfconsole
use auxiliary/scanner/http/wp_duplicator_file_read
RHOSTS
RPORT
run
Scenarios
Ubuntu 20.04 running WordPress 5.6, Duplicator 1.2.6
[Link] http://stg.hiraka.ml:8080/wordpress