[zero code] LFI and Arbitrary file download exploits on Mth3l3m3nt Framework

Categories
LFI, OWASP Mth3l3m3nt, pentest, Web Attacks

This simple post will take you through the process of adding an arbitrary file download exploit to mth3l3m3nt ; so yes no excuse to not have a working PoC for LFI or arbitrary file downloads because “I can’t code”. We will use the case of WordPress Plugin Membership Simplified v1.58 – Arbitrary File Download whose process of coming […]

WordPress Plugin Membership Simplified v1.58 – Arbitrary File Download

Categories
LFI, Uncategorized, Web Attacks, webdev

Today we will discuss poor development practices in wordpress plugins with key focus WordPress Plugin Membership Simplified v1.58 which as of the time of this writing the script is not patched . The vulnerable script is as below: Meta data: Discovery : Larry W Cashdollar  WPVDB ID : 8777 CVE-ID :  CVE-2017-1002008 Dork Standard stuff […]