FullSecurity Team Discover WordPress LFI Vuln

Hackers from Iranian FullSecurity.org team have made discover of vulnerability in WordPress:

WordPress mTheme-Unus Local File Inclusion Vulnerability

Local File Inclusion -LFI- is process of include files on server through web browsers Vulnerability occur is when page includes is not properly sanitized and allow directory traversal characters to be injected

WordPress Themes mTheme-Unus not filtering data so configuration file in the path is get < site.com/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php>

FullSecurity say:

Special Tnx To : Hack-By-Iran , Milad Hacking , iliya Norton , Parisa , Netc4t Ya Hossein <3

Details is here: http://iedb.ir/exploits-3857.html
FullSecurity home: www.FullSecurity.org

Leave a Reply

Your email address will not be published. Required fields are marked *