WordPress – KenBurner Slider Local File Inclusion (LFI)

Description

Kayran has detected that you're using the Responsive KenBurner Slider WordPress plugin.
This local file inclusion (LFI) vulnerability exists because the 'image_view.class.php' script does not properly sanitize user-supplied input to its 'img' parameter.

By exploiting this vulnerability, an attacker can download any file they please, including your wp-config.php file.
With that file, the attacker can steal the database credentials and then use them to attack the website through its database.
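
For triage, the following added example (not part of the original advisory or the plugin's code) scans web-server access logs for requests to image_view.class.php whose img value looks like a file read rather than an image. The combined log format, the image-extension allowlist and the PLUGIN-DIR path are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

SCRIPT = "image_view.class.php"   # script named in the advisory
PARAM = "img"                     # parameter named in the advisory
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")  # assumption: legitimate values are images
REQ = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')

# Constructed sample lines (combined log format); PLUGIN-DIR is a placeholder.
BASE = "/wp-content/plugins/PLUGIN-DIR/" + SCRIPT
SAMPLE_LOG = [
    f'192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET {BASE}?img=uploads/banner.jpg HTTP/1.1" 200 48211',
    f'198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET {BASE}?img=../../../wp-config.php HTTP/1.1" 200 3120',
    f'198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET {BASE}?img=%252e%252e%252fwp-config.php HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?img=../x HTTP/1.1" 200 100',
]

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e%252e), at most `rounds` times."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return a finding dict for a suspicious request to SCRIPT, else None."""
    m = REQ.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if not url.path.lower().endswith("/" + SCRIPT):
        return None                      # some other script: out of scope
    for raw in parse_qs(url.query).get(PARAM, []):
        value = decode_fully(raw).replace("\\", "/")
        reasons = []
        if "../" in value or value.startswith("/") or "\x00" in value:
            reasons.append("traversal, absolute path or null byte")
        if not value.lower().endswith(IMAGE_EXT):
            reasons.append("non-image target")
        if reasons:
            status = int(m["status"])
            return {"ip": m["ip"], "img": value, "status": status,
                    "served": status == 200, "reasons": reasons}
    return None

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]
```

A finding with "served" set to True means the server answered 200, so treat the requested file as possibly disclosed and rotate any credentials it contained.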

Recommendation

To fix it, upgrade the vulnerable KenBurner Slider WordPress plugin to version 1.8, the version in which this vulnerability was fixed.

References

https://arbitrary321.rssing.com/chan-37141670/latest.php
