WordPress Plugin Zingiri Forums – ‘language’ Local File Inclusion

• Exploit Database
• 15 阅读

• 作者： Amirh03in
  日期： 2012-12-30
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/38101/

• source: https://www.securityfocus.com/bid/56777/info
  
  The Zingiri Forums plugin for WordPress is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
  
  An attacker can exploit this vulnerability to view files and execute local scripts in the context of the web server process. This may aid in further attacks. 
  
  http://www.example.com/wp-content/plugins/zingiri-forum/mybb/memberlist.php?language=[Directory or file]