FPD Recon Vulnerability On Wordpress 3.4.2
  • So I thought I'd share something which I stumbled upon earlier today. After a bit of research I discovered it wasn't just the site I was building that was vuln to Full Path Disclosure but almost all Wordpress sites.

    As FPD isn't massively useful unless you're gathering info, I thought I'd share it with you guys.

    So where can you find this vuln?

    Most Wordpress themes include a functions.php file which links to other files and it's this file which has the vulnerability.

    So just view the source of a Wordpress site and visit the link of the CSS file, then change the CSS file name to functions.php.

    If you need an example try my site that is no longer in use. http://urbanscoop.net

    So if you're looking to do a little recon on a Wordpress site this should help you.

    Skype: mrpt3o
    Twitter: MrPteo
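
Added example, not part of the original post: a defender-side check that scans web server access logs for direct requests to theme PHP files such as functions.php, the request pattern the post describes. The log lines, theme name and function names are constructed for illustration, and it assumes theme PHP is normally loaded only through WordPress itself, so any direct hit is worth reviewing.

```python
import re
from collections import Counter

# Constructed sample lines in "combined" access log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Oct/2012:10:01:02 +0000] "GET /wp-content/themes/example-theme/style.css HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Oct/2012:10:01:09 +0000] "GET /wp-content/themes/example-theme/functions.php HTTP/1.1" 500 312 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Oct/2012:10:02:00 +0000] "GET /index.php?p=12 HTTP/1.1" 200 8801 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Oct/2012:10:03:30 +0000] "GET /wp-content/themes/example-theme/Functions.PHP?x=1 HTTP/1.1" 200 298 "-" "curl/7.26"
"""

# client, timestamp, request line and status from one combined-format entry
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# any .php file requested directly under a theme directory (case-insensitive)
THEME_PHP_RE = re.compile(
    r'^/wp-content/themes/(?P<theme>[^/]+)/(?:[^/]+/)*(?P<file>[^/]+\.php)$',
    re.IGNORECASE,
)

def find_direct_theme_php_hits(log_text):
    """Return one dict per request that targets a theme PHP file directly."""
    hits = []
    for line in log_text.splitlines():
        entry = LINE_RE.match(line)
        if not entry:
            continue  # skip lines that are not in the expected format
        path = entry.group("target").split("?", 1)[0]  # drop the query string
        theme_file = THEME_PHP_RE.match(path)
        if theme_file:
            hits.append({
                "ip": entry.group("ip"),
                "time": entry.group("ts"),
                "theme": theme_file.group("theme"),
                "file": theme_file.group("file"),
                "status": int(entry.group("status")),
            })
    return hits

def hits_by_client(hits):
    """Count flagged requests per client address for triage."""
    return dict(Counter(h["ip"] for h in hits))

if __name__ == "__main__":
    for hit in find_direct_theme_php_hits(SAMPLE_LOG):
        print(hit)
```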

