WordPress Plugin WP Security Audit Log Information Disclosure

CVE-2018-8719

Exploit Author: Colette Chamberland, Defiant, Inc.

https://nvd.nist.gov/vuln/detail/CVE-2018-8719

Google search (Google dork):
inurl:wp-content/uploads/wp-security-audit-log/

Description

There is no protection on wp-content/uploads/wp-security-audit-log/*.
The directory is indexed by Google, which allows attackers to
possibly find user information (bad login attempts).

/wp-security-audit-log/classes/Sensors/System.php:

    $upload_dir = wp_upload_dir();
    $uploads_dir_path = trailingslashit( $upload_dir['basedir'] ) . 'wp-security-audit-log/404s/users/';
    $uploads_url = trailingslashit( $upload_dir['baseurl'] ) . 'wp-security-audit-log/404s/users/';

/wp-security-audit-log/classes/Sensors/LogInOut.php:

    // Directory for logged in users log files.
    $user_upload_dir    = wp_upload_dir();
    $user_upload_path   = trailingslashit( $user_upload_dir['basedir'] . '/wp-security-audit-log/failed-logins/' );
    if ( ! $this->CheckDirectory( $user_upload_path ) ) {
        wp_mkdir_p( $user_upload_path );
    }
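
A site owner can check a local install for the condition described above. The script below is an added example, not code from the advisory or the plugin; the function names, the script name and the `.htaccess` rule (an assumed mitigation for Apache 2.4 with AllowOverride enabled, not the plugin's own fix) are assumptions.

```shell
#!/usr/bin/env bash
# Added example: audit a local WordPress tree for web-readable audit-log files.
# Directory names come from the excerpts above; function names are hypothetical.

# Succeeds if $2 or a parent up to $1 has an .htaccess that denies all access.
wsal_is_denied() {
    local base="$1" dir="$2"
    while :; do
        if [ -f "$dir/.htaccess" ] && grep -Eiq \
            '^[[:space:]]*(Require[[:space:]]+all[[:space:]]+denied|Deny[[:space:]]+from[[:space:]]+all)' \
            "$dir/.htaccess"; then
            return 0
        fi
        case "$dir" in "$base"|/|.) return 1 ;; esac
        dir=$(dirname "$dir")
    done
}

# Print each directory under the plugin's upload dir that holds files and is
# not covered by a deny rule (e.g. failed-logins/, 404s/users/).
wsal_exposed_dirs() {
    local base="$1/wp-content/uploads/wp-security-audit-log" dir
    [ -d "$base" ] || return 0
    find "$base" -type d | sort | while IFS= read -r dir; do
        wsal_is_denied "$base" "$dir" && continue
        if [ -n "$(find "$dir" -maxdepth 1 -type f ! -name '.htaccess' -print -quit)" ]; then
            printf '%s\n' "$dir"
        fi
    done
}

# Assumed mitigation: deny web access at the top of the plugin's upload dir.
# Only effective on Apache 2.4 with AllowOverride enabled; other servers need
# an equivalent rule in the server configuration.
wsal_protect() {
    local base="$1/wp-content/uploads/wp-security-audit-log"
    [ -d "$base" ] || return 1
    printf '%s\n' 'Require all denied' >> "$base/.htaccess"
}

# Usage: ./wsal_audit.sh /var/www/html   (path is a placeholder)
if [ $# -gt 0 ]; then
    wsal_exposed_dirs "$1"
fi
```

Any directory the script prints holds log files that the web server will serve to anyone who requests them, unless the server configuration blocks the path some other way.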



