WordPress Product Bugs Report
Bug Name: LFI (Local File Inclusion)
Area Path: NextGEN Gallery by Photocrati Version 2.1.7 (Plugin)
Last Updated: 12-08-2015
Compatible Up to: WordPress 4.3.0 Version (Requires: 3.6.1 or higher)
Severity: High
Reported by: Sathish from Cyber Security Works Pvt Ltd ([email protected])
The existing filter name with a Local File Inclusion (LFI) payload is executed when the user modifies the file path with an LFI payload and sends it to the server.
POC:
Figure 1: HTTP Request & Response for the vulnerable dir variable with ../../../../../../../../../../../xampp/htdocs/wordpress/ (Any traversal) payload
Note: Similarly, the user can fetch any details from any website hosted on the same server.
Reproducing Steps:
1. Log on to the application.
2. Access the NextGEN Gallery by Photocrati plugin.
3. Click on the path selection on the given folders.
4. Modify the dir variable value with the ../../../../../../../../../../../xampp/htdocs/wordpress/ (Any traversal) payload in the intercepting proxy.
5. Now you can see the internal available system folders.
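
One way to close this class of bug on the server side, as an added example that is not part of the original report and is not NextGEN Gallery code: canonicalize the requested directory and confirm it stays under a fixed root before listing it. The function name, the gallery root and the demo directory tree are assumptions constructed for illustration.

```php
<?php
// Added example; hypothetical helper, not NextGEN Gallery's code.
// Resolves a client-supplied directory (such as the "dir" request variable)
// against a fixed root and rejects anything that canonicalizes outside it.
function resolve_browsable_dir(string $root, string $requested): ?string
{
    $rootReal = realpath($root);
    if ($rootReal === false || !is_dir($rootReal)) {
        return null;                       // misconfigured root: fail closed
    }
    if (strpos($requested, "\0") !== false) {
        return null;                       // NUL bytes never belong in a path
    }
    // Treat the value as relative to the root, then let realpath() collapse
    // "..", "." and symlinks. It returns false for paths that do not exist.
    $joined = $rootReal . DIRECTORY_SEPARATOR . ltrim($requested, "/\\");
    $real = realpath($joined);
    if ($real === false || !is_dir($real)) {
        return null;
    }
    // Compare canonical paths with a trailing separator so that a sibling
    // such as "gallery-private" does not pass as a prefix match of "gallery".
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Constructed demo tree: <tmp>/gallery/album1 plus a sibling outside the root.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . getmypid();
mkdir($base . '/gallery/album1', 0700, true);
mkdir($base . '/gallery-private', 0700, true);

$inputs = [
    'album1',
    '/album1/',
    '../gallery-private',
    'album1/../../gallery-private',
    '../../../../../../../../../../../xampp/htdocs/wordpress/', // payload from the report
];
foreach ($inputs as $dir) {
    $ok = resolve_browsable_dir($base . '/gallery', $dir) !== null;
    printf("%-58s %s\n", $dir, $ok ? 'allowed' : 'rejected');
}
// Remove the demo tree.
rmdir($base . '/gallery/album1'); rmdir($base . '/gallery');
rmdir($base . '/gallery-private'); rmdir($base);
```

The containment check runs on the canonical path, so it holds whether or not the traversal target exists on the host.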
cybersecurityworks changed the title from "Local File Inclusion (LFI)" to "Local File Inclusion (LFI) in NextGEN Gallery by Photocrati Version 2.1.7" on Aug 28, 2015
cybersecurityworks changed the title from "Local File Inclusion (LFI) in NextGEN Gallery by Photocrati Version 2.1.7" to "Traversal Attack / Local File Inclusion (LFI) in NextGEN Gallery by Photocrati Version 2.1.7" on Sep 14, 2015