CVE-2014-8799
published 2014-11-28
Priority P3 · 56 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 68.46% (99.2th percentile)
Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dukapress | dukapress | <= 2.5.3 | — |
Detection & IOCs
- Look for GET requests to dp_image.php with a 'src' parameter containing directory traversal sequences (../) targeting wp-config.php or other sensitive files.
- Successful exploitation returns wp-config.php contents; match response body for WordPress database credential strings DB_NAME, DB_PASSWORD, DB_USER, DB_HOST.
- The vulnerable code path is triggered when $_REQUEST['w'] and $_REQUEST['h'] are absent, causing dp_img_resize() to return the raw src value and pass it to file_get_contents().
- Use Google dork to identify exposed WordPress installations running the DukaPress plugin as potential targets.
- Vulnerability affects DukaPress plugin versions up to and including 2.5.3; version 2.5.4 contains the fix. The Metasploit module targets <= 2.5.3.
- The exploit requires no authentication (Au:N) and is network-accessible, making it trivially exploitable against any exposed WordPress instance with the vulnerable plugin installed.
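One way to apply the request-side detection notes above to web server access logs, as an added example that is not part of the original page or any of its listed sources: it flags dp_image.php requests whose `src` contains a `..` segment and records whether `w` and `h` are both absent. The combined log format, the function names and the sample entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request target and status code of a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
SCRIPT = "/dukapress/lib/dp_image.php"

def inspect_line(line):
    """Return a finding for a traversal-style dp_image.php request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not unquote(url.path).lower().endswith(SCRIPT):
        return None
    # parse_qs percent-decodes once, matching what PHP places in $_REQUEST.
    params = parse_qs(url.query, keep_blank_values=True)
    src = params.get("src", [""])[0].replace("\\", "/")
    if ".." not in src.split("/"):
        return None
    return {
        "client": line.split(" ", 1)[0],
        "status": int(m.group("status")),
        "src": src,
        # Per the advisory, src is returned as-is when w and h do not exist.
        "raw_src": "w" not in params and "h" not in params,
    }

def scan(lines):
    """Collect findings for every suspicious entry in an iterable of log lines."""
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample entries (documentation IP ranges, not real traffic).
P = "/wp-content/plugins/dukapress/lib/dp_image.php"
SAMPLE_LOG = [
    f'203.0.113.7 - - [01/Dec/2014:10:01:02 +0000] "GET {P}?src=../../../../wp-config.php HTTP/1.1" 200 3120',
    f'203.0.113.7 - - [01/Dec/2014:10:01:05 +0000] "GET {P}?src=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 3120',
    f'198.51.100.4 - - [01/Dec/2014:10:02:11 +0000] "GET {P}?src=/wp-content/uploads/shirt.jpg&w=150&h=150 HTTP/1.1" 200 8841',
    f'198.51.100.9 - - [01/Dec/2014:10:03:40 +0000] "GET {P}?src=../../readme.html&w=50&h=50 HTTP/1.1" 404 310',
    '192.0.2.15 - - [01/Dec/2014:10:04:00 +0000] "GET /index.php?src=../x HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Only the query string is visible in an access log; a `src` value sent in a POST body also reaches `$_REQUEST` but will not appear here. A finding with status 200 and `raw_src` true is the case to follow up with the response-body check for DB_NAME, DB_USER, DB_PASSWORD and DB_HOST.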
No detection rules found.
Exploit-DB
WordPress Plugin DukaPress 2.5.2 - Directory Traversal
exploitdb·2014-11-24·CVSS 5.0
CVE-2014-8799 [MEDIUM] WordPress Plugin DukaPress 2.5.2 - Directory Traversal
---
# Exploit Title: DukaPress 2.5.2 Path Traversal
# Date: 27-10-2014
# Exploit Author: Kacper Szurek - http://security.szurek.pl
# Software Link: https://downloads.wordpress.org/plugin/dukapress.2.5.2.zip
# Category: webapps
# CVE: CVE-2014-8799
1. Description
dp_img_resize() returns $_REQUEST['src'] if $_REQUEST['w'] and $_REQUEST['h'] don't exist.
File: dukapress\lib\dp_image.php
    if (!function_exists('add_action')) {
        require_once('../../../../wp-load.php');
    }
    echo file_get_contents(dp_img_resize('', $_REQUEST['src'], $_REQUEST['w'], $_REQUEST['h']));
http://security.szurek.pl/dukapress-252-path-traversal.html
2. Proof of Concept
http://wordpress-url/wp-content/plugins/dukapress/lib/dp_image.php?src=../../../../wp-config.p
Nuclei
WordPress Plugin DukaPress 2.5.2 - Directory Traversal
nuclei·CVSS 5.0
CVE-2014-8799 [MEDIUM] WordPress Plugin DukaPress 2.5.2 - Directory Traversal
A directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.
Template:
    id: CVE-2014-8799
    info:
      name: WordPress Plugin DukaPress 2.5.2 - Directory Traversal
      author: daffainfo
      severity: medium
      description: A directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.
      impact: |
        An attacker can exploit this vulnerability to gain unauthorized access to sensitive file
Metasploit
WordPress DukaPress Plugin File Read Vulnerability
metasploit
This module exploits a directory traversal vulnerability in the WordPress plugin "DukaPress" version <= 2.5.3, allowing arbitrary files to be read with the web server's privileges.
- http://security.szurek.pl/dukapress-252-path-traversal.html
- http://www.exploit-db.com/exploits/35346
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98943
- https://plugins.trac.wordpress.org/changeset/1024640/dukapress
- https://wordpress.org/plugins/dukapress/changelog/
Published: 2014-11-28