Remote LFI for Direct Download for WooCommerce up to v1.15.
This is an exploit written in Python for a local file inclusion (LFI) vulnerability in Direct Download for WooCommerce, a WordPress plugin. It affects all versions up to 1.15.
This exploit can be configured for use in BrutiFramework, which you can download here, but you can also run it on its own.
This exploit allows you to:
- Test if the plugin exists in the server.
- Download any file from the server where the plugin is running.
- Select any of the default options or make your own personalized download.
This exploit does not allow you to:
- Download files that the main server can’t read.
- Exploit the plugin in versions above v1.15 or where it has been patched.
How to use
Using this exploit is very easy. For a complete tutorial on how to use it, see the post: How to use EXPLOIT: Remote LFI for Direct Download for WooCommerce up to v1.15.