FPD Recon Vulnerability On WordPress 3.4.2
So I thought I'd share something which I stumbled upon earlier today. After a bit of research I discovered it wasn't just the site I was building that was vuln to Full Path Disclosure but almost all WordPress sites.
As FPD isn't massively useful unless you're gathering info, I thought I'd share it with you guys.
So where can you find this vuln?
Most WordPress themes include a functions.php file which links to other files, and it's this file which has the vulnerability.
So just view the source of a WordPress site and visit the link of the CSS file, then change the CSS file name to functions.php.
If you need an example try my site that is no longer in use.
So if you're looking to do a little recon on a WordPress site this should help you.
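A defender-side check for the direct requests described above, added here as an example that is not part of the original post: it scans web-server access logs for requests that hit PHP files inside /wp-content/themes/ directly. The log lines, IPs and theme names are constructed, and the combined log format and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (combined log format, assumed).
# IPs are from documentation ranges; theme names are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Oct/2012:10:01:02 +0000] "GET /wp-content/themes/mytheme/style.css HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Oct/2012:10:01:09 +0000] "GET /wp-content/themes/mytheme/functions.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Oct/2012:10:02:00 +0000] "GET /index.php?p=12 HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Oct/2012:10:02:30 +0000] "GET /wp-content/themes/mytheme/header.php?x=1 HTTP/1.1" 500 0 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Oct/2012:10:03:00 +0000] "GET /wp-content/themes/other/functions.php HTTP/1.1" 403 199 "-" "curl/7.27"
"""

# client IP, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Theme PHP files are meant to be loaded by WordPress, not requested by URL.
THEME_PHP_RE = re.compile(r'^/wp-content/themes/([^/]+)/(.+\.php)$', re.IGNORECASE)


def find_direct_theme_php_hits(log_text):
    """Return {client_ip: [(theme, file, status), ...]} for direct requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, _method, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore the query string
        t = THEME_PHP_RE.match(path)
        if t:
            hits[ip].append((t.group(1), t.group(2), int(status)))
    return dict(hits)


def exposed(hits):
    """Hits the server did not refuse (assumption: 403/404 means blocked).

    Any other status means the file was executed on its own, so an error
    message containing the full path may have been returned.
    """
    return sorted((ip, theme, name)
                  for ip, entries in hits.items()
                  for theme, name, status in entries
                  if status not in (403, 404))


if __name__ == "__main__":
    for ip, theme, name in exposed(find_direct_theme_php_hits(SAMPLE_LOG)):
        print(f"{ip} reached {theme}/{name} directly")
```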