module
WordPress Plugin Google Document Embedder Arbitrary File Disclosure
| Disclosed | Created |
|---|---|
| 2013-01-03 | 2018-05-30 |
Disclosed
2013-01-03
Created
2018-05-30
Description
This module exploits an arbitrary file disclosure flaw in the WordPress
blogging software plugin known as Google Document Embedder. The vulnerability allows for
database credential disclosure via the /libs/pdf.php script. The Google Document Embedder
plug-in versions 2.4.6 and below are vulnerable. This exploit only works when the MySQL
server is exposed on an accessible IP and WordPress has filesystem write access.
Please note: The admin password may get changed if the exploit does not run to the end.
blogging software plugin known as Google Document Embedder. The vulnerability allows for
database credential disclosure via the /libs/pdf.php script. The Google Document Embedder
plug-in versions 2.4.6 and below are vulnerable. This exploit only works when the MySQL
server is exposed on an accessible IP and WordPress has filesystem write access.
Please note: The admin password may get changed if the exploit does not run to the end.
Author
Charlie Eriksen
Platform
PHP
Architectures
php
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.