
zdt | Thiago Sena | 1337DAY-ID-28835
History: Oct 22, 2017 - 12:00 a.m.

WordPress Image Upload for BBPress Plugin - Full Path Disclosure Vulnerability

0day.today

About the vulnerability:
The Full Path Disclosure vulnerability, when it occurs, exposes the full path of a particular file and the user on your server. These two pieces of information make life easier for an attacker. First, they will know where the files are, so their attempts can be targeted. With that knowledge, they can perform a brute-force attack and gain access to the server.

Example:

http://localhost/website.com/wp-content/plugins/image-upload-for-bbpress/bbp-image-upload.php

https://localhost/wp-content/plugins/image-upload-for-bbpress-pro/admin/display.php

https://localhost/wp-content/plugins/image-upload-for-bbpress-pro/admin/stats.php

https://localhost/wp-content/plugins/image-upload-for-bbpress-pro/admin/limits.php
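A way to check your own site's responses for this kind of disclosure, as an added example that is not part of the original advisory. It assumes the leak takes the form of a standard PHP error message (the advisory does not say how the path is exposed); `find_path_leaks` is a hypothetical helper and the sample bodies and paths are constructed.

```python
import re

# " in /abs/path/file.php on line N", with or without the <b> tags PHP adds
# when html_errors is enabled. Assumption: the leak is a standard PHP error.
LEAK = re.compile(
    r"\bin\s+(?:<b>)?(?P<path>(?:/|[A-Za-z]:[\\/])[^<>\r\n]+?\.php)(?:</b>)?"
    r"\s+on\s+line\s+(?:<b>)?(?P<line>\d+)"
)
# Account names embedded in common home-directory layouts.
USER = re.compile(r"^(?:/(?:home\d*|Users)/|[A-Za-z]:[\\/]Users[\\/])(?P<user>[^\\/]+)[\\/]")


def find_path_leaks(body):
    """Return one finding per distinct (path, line) disclosed in a response body."""
    findings, seen = [], set()
    for m in LEAK.finditer(body):
        path, line = m.group("path"), int(m.group("line"))
        if (path, line) in seen:
            continue
        seen.add((path, line))
        user = USER.match(path)
        norm = path.replace("\\", "/")
        root = norm.split("/wp-content/", 1)[0] if "/wp-content/" in norm else None
        findings.append({
            "path": path,
            "line": line,
            "user": user.group("user") if user else None,
            "wp_root": root,
        })
    return findings


# Constructed sample bodies (not taken from the advisory).
SAMPLE_HTML = (
    "<br />\n<b>Fatal error</b>:  Uncaught Error: Call to undefined function "
    "add_action() in /home/exampleuser/public_html/wp-content/plugins/"
    "example-plugin/admin/display.php:12\nStack trace:\n#0 {main}\n  thrown in "
    "<b>/home/exampleuser/public_html/wp-content/plugins/example-plugin/"
    "admin/display.php</b> on line <b>12</b><br />\n"
)
SAMPLE_CLEAN = "<html><body>Sign in on line to post images.</body></html>"

if __name__ == "__main__":
    for f in find_path_leaks(SAMPLE_HTML):
        print(f)
```

Each finding shows the two items the advisory names: the file's full path and, where the path sits under a home directory, the account name.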

#  0day.today [2018-01-17]  #