Skip to content

WordPress Relocate Upload Plugin 0.14 Remote File Inclusion

# Exploit Title: Relocate Upload WordPress plugin RFI
# Google Dork: inurl:wp-content/plugins/relocate-upload
# Date: 09/19/2011
# Author: Ben Schmidt (supernothing (AT) @_supernothing)
# Software Link:
# Version: 0.14 (tested)


Vulnerable Code
// Move folder request handled when called by GET AJAX
if (isset($_GET['ru_folder']))
{ // WP setup and function access
define('WP_USE_THEMES', false);
require_once(urldecode($_GET['abspath']).'/wp-load.php'); // save us looking for it, it's passed as a GET parameter


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.