Advice for http testing

Hey guys so while crawling/fuzzing a wordpress site that im auditing i came accross an odd output (in the leafpad doc in screenshot) and im wondering how or if this could be exploited?

have you searched for it yet?

like in the url bar? if so then yes, if searching how to exploit this would be it :see_no_evil: tried looking around for a few things but no luck so far info wise

@S1l3n7 A quick look tells me that if it were exploitable it would probably be a traversal-path exploit.

i thought so to, but would it only be able to apply once you have already gained access to the site? no way to use this to exploit in order to gain access?

@S1l3n7 What version of WooComerce is it? What plugins?
Simular scenario HERE

Maybe you should think about urls and such not showing in a screen shot next time??

Thanks so much! Was a really interesting read and looks like a pretty interesting site!

1 Like

Anytime man glad you enjoyed it.