[+] Exploit Title ; Wordpress wp File Manager plugin SSRF/XSPA Vulnerability

[+] Date : 2017-01-12

[+] Author : 0P3N3R From IRANIAN ETHICAL HACKERS

[+] Vendor Homepage : https://wordpress.org/plugins/wp-file-manager/

[+] Version : 1.9

[+] Dork : N/A

[+] Tested On : windows 10 - kali linux 2.0

[+] Contact : https://telegram.me/WebServer

[+] poc :

[!] Go to the File Manager section So you can upload the file.
[!] You can upload files through a link and a computer
[!] Insert a link in the box instead of drag and drop
a [!] In this vulnerability, we only use port scanning
[!] If you use the following payload, you can see the server SSH version
[!] For View Results,Right Click on uploaded file and select preview. Now
you can see ssh     version


[+] For Ex :
[!] http://localhost:port(for Ex :22)/YourFile.jpg

[+] ScreenShot :

[!] http://s6.uplod.ir/i/00908/o78hj8pp1i9u.png


[+] Video :

[!] https://www.youtube.com/watch?v=WI_K9l55f88&feature=youtu.be



[+] Exploitation Technique:

[!] Local


[+] Severity Level:

[!] Medium