############################################################################################
# Exploit Title : WordPress 4.8.9 Rowe Themes Arbitrary File Download
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 18/03/2019
# Vendor Homepage : rowesa.co.za ~ knack.digital ~ knakdigital.com ~ wordpress.org
# Software Information Link : rowesa.co.za/#design-companies
# Software Affected Version : 4.8.9
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/themes/rowe/'' intext:''Website designed by KNACK DIGITAL''
# Vulnerability Type :
CWE-200 [ Information Exposure ]
CWE-23 [ Relative Path Traversal ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
############################################################################################
# Impact :
***********
* WordPress 4.8.9 Rowe Themes is prone to a vulnerability that lets attackers download arbitrary files because the application
fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to download arbitrary files within the context of the
web server process and obtain potentially sensitive information.
* An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized
to have access to that information.
* The software has a Relative Path Traversal vulnerability: it uses external input to construct a pathname that should be within a
restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location outside of that directory.
############################################################################################
Vulnerable File :
*****************
/download.php
Vulnerable Parameter :
********************
?download_file=
# Arbitrary File Download Exploit :
*******************************
/wp-content/themes/rowe/download/download.php?download_file=[FILENAME]
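A hardened download handler for the pattern described above, added here as an example (not the Rowe theme's own code): the download_file value is restricted to a bare file name, resolved with realpath(), and only served if the result is still inside one allowed directory, so ".." sequences, absolute paths and symlinks pointing outside are all rejected. The files/ directory and the extension allow-list are assumptions.

```php
<?php
// Added example of a safe download.php; not the theme's code.
// Assumption: downloadable files live in a files/ directory next to this script.
$baseDir = realpath(__DIR__ . '/files');
if ($baseDir === false) {
    http_response_code(500);
    exit('download directory missing');
}

$requested = isset($_GET['download_file']) ? (string) $_GET['download_file'] : '';

// 1. Accept only a plain file name: no NUL bytes and no directory components.
//    Comparing against basename() rejects traversal instead of silently rewriting it.
if ($requested === '' || strpos($requested, "\0") !== false || $requested !== basename($requested)) {
    http_response_code(400);
    exit('invalid file name');
}

// 2. Extension allow-list (assumed for this example); "." and ".." fail here too.
$allowedExt = ['pdf', 'zip', 'png', 'jpg'];
$ext = strtolower(pathinfo($requested, PATHINFO_EXTENSION));
if (!in_array($ext, $allowedExt, true)) {
    http_response_code(403);
    exit('file type not permitted');
}

// 3. Resolve the final path and require it to stay under $baseDir.
//    realpath() follows symlinks, so a link inside files/ that points at
//    wp-config.php elsewhere is caught by the prefix check as well.
$fullPath = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
if ($fullPath === false
    || strpos($fullPath, $baseDir . DIRECTORY_SEPARATOR) !== 0
    || !is_file($fullPath)) {
    http_response_code(404);
    exit('file not found');
}

// 4. Serve with a fixed binary content type and the validated name only.
header('Content-Type: application/octet-stream');
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode($requested));
header('Content-Length: ' . filesize($fullPath));
header('X-Content-Type-Options: nosniff');
readfile($fullPath);
```

On the server side, requests to this endpoint whose download_file value contains "..", "%2e%2e" or a leading "/" are worth alerting on, since a legitimate client never sends them.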
############################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
############################################################################################