Wordpress FancyBox For Wordpress Plugin Full Path Disclosure

2016.11.22

Iran Cyber Security Group (IR)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: inurl:"wp-content/plugins/fancybox-for-wordpress"

========================================================================
| # Title : Wordpress FancyBox For Wordpress Plugin Full Path Disclosure
| # Author : Iran Cyber Security Group
| # email : judgment6565@gmail.com
| # Tested on : windows 8.1
| # Date : 22 November 2016
| # Dork : inurl:"wp-content/plugins/fancybox-for-wordpress"
========================================================================
| # Vulnerable File : http://localhost/wp-content/plugins/fancybox-for-wordpress/lib/admin-head.php
| # You Can See The Full Path On Here !!!
========================================================================
| # Demo :
| # http://www.nikkeiplace.org/wp-content/plugins/fancybox-for-wordpress/lib/admin-head.php
| # http://www.mmogp.ca/wp-content/plugins/fancybox-for-wordpress/lib/admin-head.php
========================================================================
| # By C10N3R Se7eN
| # Greetz To : MOHAMAD-NOFOZI, root3r, Sir.H4m1d, Kamran HellisH, C10N3R Se7eN, Jok3r And All Members OF Iran Cyber Security Group
| # Telegram : @Zehniat | Mail : Salmandt7@yahoo.com
========================================================================

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Wordpress FancyBox For Wordpress Plugin Full Path Disclosure

Dork: inurl:"wp-content/plugins/fancybox-for-wordpress"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.