I’ll talk about a Directory Traversal that I found in a well-known plugin, but I have to say that it’s a bit limited because it only lists folders.
Here’s a video where I made a PoC.
I’m sorry I didn’t put more information about the code you use.
- Developer’s appreciation: https://wordpress.org/plugins/wp-smushit/#developers
- Publication in Packetstormsecurity: https://packetstormsecurity.com/files/144494/WordPress-Smush-Image-2.7.4.1-Directory-Traversal.html
- CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15079