Jump to content

Hacker Technology

A group blog by Leader in Hacker Website - Providing Professional Ethical Hacking Services

  • Entries

    16114

  • Comments

    7952

  • Views

    86371177

Contributors to this blog

  • HireHackking 16114

About this blog

Hacking techniques include penetration testing, network security, reverse cracking, malware analysis, vulnerability exploitation, encryption cracking, social engineering, etc., used to identify and fix security flaws in systems.

HireHackking 
# Exploit Title: WP Security Audit Log Plugin, Sensitive Information Disclosure <= 3.1.1 
# Google Dork: inurl:/wp-content/uploads/wp-security-audit-log/
# Date: 3/13/2018
# Exploit Author: Colette Chamberland, Defiant, Inc.
# Vendor Homepage: http://wpwhitesecurity.com
# Software Link: https://wordpress.org/plugins/wp-security-audit-log/
# Version: <=3.1.1
# Tested on: Wordpress 4.9.x
# CVE : CVE-2018-8719

Description:
No protection on the wp-content/uploads/wp-security-audit-log/*
which is indexed by google and allows for attackers to possibly find user information (bad login attempts)

/wp-security-audit-log/classes/Sensors/System.php':
$upload_dir = wp_upload_dir();
$uploads_dir_path = trailingslashit( $upload_dir['basedir'] ) . 'wp-security-audit-log/404s/users/';
$uploads_url = trailingslashit( $upload_dir['baseurl'] ) . 'wp-security-audit-log/404s/users/';

/wp-security-audit-log/classes/Sensors/LogInOut.php':
// Directory for logged in users log files.
		$user_upload_dir    = wp_upload_dir();
		$user_upload_path   = trailingslashit( $user_upload_dir['basedir'] . '/wp-security-audit-log/failed-logins/' );
		if ( ! $this->CheckDirectory( $user_upload_path ) ) {
			wp_mkdir_p( $user_upload_path );
		}