WordPress A Page Flip Book plugin local file inclusion vulnerability

Advisory
Secunia Advisory SA 49505

Analysis
A page flip book for WordPress allows for different languages to be used. This is toggled by posting “pageflipbook_language” to the blog, which will update an option and then include the appropiate language. This is done in the main file, pageflipbook.php, which is always included.

We can see that it checks if “pageflipbook_language” is included in a POST parameter on line 30, it will update the option on the blog, otherwise it will pull the language value from the option and put that into the variable. This value is supposed to be the name of a php file. After that, it will include the chosen language file on line 47.

But because there is no validation that the file is a valid language file and there is no directory transversal, we can do a local file inclusion attack on this:

Leave a Reply