Ninja Tables LFI
Unauthenticated Arbitrary File Read PoC
A proof of concept for a critical vulnerability (Unauthenticated Arbitrary File Read via ninja_table_force_download) in the Ninja Tables plugin for WordPress (< 4.1.9).
Built using Security Research, Vulnerability PoC
- Extracts the ninja_table_public_nonce automatically
- Reads /etc/os-release without authentication
- Reads /etc/passwd and arbitrary server files
If you're curious, feel free to explore: