[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] | [+] Exploit Title: Wordpress Better-wp-security Plugin Remote Code Execution | [+] Exploit Author: Tonel Team | [+] Vendor Homepage : https://wordpress.org/plugins/better-wp-security/ | [+] Download Link : https://downloads.wordpress.org/plugin/better-wp-security.4.6.12.zip | [+] Tested on: Kali/lceweasel | [+] Date : 2015-09-30 | [+] Version : 4.6.12 | [+] Google Dork : inurl:wp-content/plugins/better-wp-security | [+] Discovered By : Zeus_Syborg |-------------------------------------------------------------------------| | [+] Exploit: | | [+] Location : http://site.com/wp-content/plugins/better-wp-security/better-wp-security.php | [+] Vulnerability is also triggered in: http://site.com/wp-content/plugins/better-wp-security/core/class-itsec-core.php | [+] Screenshot : http://s6.picofile.com/file/8214838076/Screenshot_from_2015_04_03_012110_e1427980993309.png public function admin_tooltip_ajax() { global $itsec_globals; if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( $_POST['nonce'] ), 'itsec_tooltip_nonce' ) ) { die (); } if ( sanitize_text_field( $_POST['module'] ) == 'close' ) { $data = $itsec_globals['data']; $data['tooltips_dismissed'] = true; update_site_option( 'itsec_data', $data ); } else { call_user_func_array( $this->tooltip_modules[ sanitize_text_field( $_POST['module'] ) ]['callback'], array() ); } die(); // this is required to return a proper result } [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+]Soecial Tnx:All Of Members Tonel Team [+] [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]