Title: Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2 |
Author: Larry W. Cashdollar, @_larry0 |
Date: 2015-07-12 |
[CVE-2015-1000008] |
Download Site: https://wordpress.org/plugins/mp3-jplayer/ |
Vendor: |
Vendor Notified: 2015-08-06 |
Vendor Contact: |
Advisory: http://www.vapidlabs.com/advisory.php?v=149http://www.vapidlabs.com/advisory.php?v=149 |
Description: Easy, Flexible Audio for WordPress. |
Vulnerability: The download code allows arbitrary users to disclose path information on wordpress sites with this plugin installed.
120 $info = "<p>
121 Get: " . $mp3 . "<br />
122 Sent: " . $sent . "<br />
123 File: " . $file . "<br />
124 Open: " . $_SERVER['DOCUMENT_ROOT'] . $fp . "<br />
125 Root: " . $rooturl . "<br />
126 pID: " . $playerID . "<br />
127 Dbug: " . $dbug . "<br />
128 extension: " . $fileExtension . "</p>";
129 echo $info;
|
Export: JSON TEXT XML |
Exploit Code:
|
Screen Shots: |
Notes: |