[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FD] New exploit for new vulnerability in WordPress Plugin + tutorial
I foun?t a new vulnerabiliti in a wordpress plugin called: ?Direct Download
This vulnerability allow you make an Remote LFI download, so, we can
download any in the server where we?re running this plugin, I foun?t this
vulnerability the last week and I reported this to Kameleon but i don?t know
if this bug is partched right now in a new versión.
I?ve been written an exploit to this plugin in Python. This exploit allow
- Test if the plugin exists in the server.
- Download any file from the server where the WordPress plugin is
- Select any option by default or make your own personalized
I published this exploit in my website today, here you?ve got the direct
Thanks for all!
-------- UPDATE --------
To see an completly tutorial about how to use this exploit you?ve got it in:
Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/