• WARNING: when checking raw access logs on my server, I discovered that hackers try to access a file of this plugin.

    With this exploit they can access the passwd file of your server. The /etc/passwd file stores essential information which is required during login, i.e. user account information. /etc/passwd is a text file which contains a list of the system's accounts, giving for each account some useful information like user ID, group ID, home directory, shell, etc.

    RAW access information:
    142.44.207.70 - - [10/Oct/2017:15:47:50 +0200] "GET /wp-content/plugins/candidate-application-form/XXX-REMOVEDTHISFORSECURITY-XX/FILE?fileName=../../../../../../../../../../etc/passwd HTTP/1.1" 404 11262 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 OPR/36.0.2130.32"

    Please note: Made some changes so that this exploit is not publicly visible.

    Questions? Please reply below.

    • This topic was modified 7 years, 1 month ago by yachtfocus.
  • The topic ‘WARNING: Exploit found in this plugin!’ is closed to new replies.
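
Added example (not part of the original post and not the plugin's code): a log scanner that flags requests like the one quoted above, where the path or a query value contains a `../` segment, and reports whether the server answered with a 2xx status. It goes beyond the quoted line by also normalising percent-encoded and double-encoded forms; `/download.php` and the second and third log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
# ".." as a whole path segment, delimited by / or \ or the string boundary
DOTDOT_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')

def fully_decode(value, rounds=3):
    """Percent-decode several times so double-encoded input is normalised too."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def find_traversal(line):
    """Return details of a ../ attempt in the path or a query value, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    candidates = [("<path>", parts.path)] + parse_qsl(parts.query, keep_blank_values=True)
    for name, raw in candidates:
        value = fully_decode(raw)
        if DOTDOT_RE.search(value):
            status = int(m.group("status"))
            # a 2xx answer means the server returned content: triage those first
            return {"ip": m.group("ip"), "time": m.group("time"), "where": name,
                    "value": value, "status": status, "served": 200 <= status < 300}
    return None

def scan(lines):
    return [hit for hit in map(find_traversal, lines) if hit]

SAMPLE_LOG = [
    # request from the post's log line (user agent shortened)
    '142.44.207.70 - - [10/Oct/2017:15:47:50 +0200] "GET /wp-content/plugins/'
    'candidate-application-form/XXX-REMOVEDTHISFORSECURITY-XX/FILE?fileName='
    '../../../../../../../../../../etc/passwd HTTP/1.1" 404 11262 "-" "Mozilla/5.0"',
    # constructed: double-encoded variant against a hypothetical script, answered 200
    '198.51.100.7 - - [10/Oct/2017:15:48:02 +0200] "GET /download.php?file='
    '%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1843 "-" "curl/7.55.1"',
    # constructed: benign request where ".." is not a path segment
    '192.0.2.10 - - [10/Oct/2017:15:49:11 +0200] '
    '"GET /notes/v1..2?ref=a..b HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A hit with `served` set to true deserves a look at what the response body contained; the 404 in the quoted line means that particular request did not return the file.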