WordPress Caulk Path Disclosure

2013-03-04T00:00:00
ID PACKETSTORM:120632
Type packetstorm
Reporter Rafay Baloch
Modified 2013-03-04T00:00:00

Description

*Title: Caulk WordPress Theme Full Path Disclosure*

*Description:*

According to OWASP:

“Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the
path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain
vulnerabilities, such as using the load_file() (within a SQL Injection)
query to view the page source, require the attacker to have the full path
to the file they wish to view.”

*Proof of concept:*
http://localhost/wp-content/themes/Caulk/

*Fatal error: Call to undefined function get_header() in
/homepages/13/d229281523/htdocs/ShowOff/wp-content/themes/Caulk/index.php
on line 1*
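
The error above appears because the theme's index.php calls get_header() when it is requested directly, without WordPress loaded. The following audit sketch is an added example, not part of the original advisory: it flags theme PHP files that call a WordPress template function before any `defined('ABSPATH')` guard. The function names, the list of template functions and the sample theme are constructed for illustration, and the check is a text heuristic, not a PHP parser.

```python
import re
import tempfile
from pathlib import Path

# Guard idiom commonly placed at the top of WordPress PHP files:
#   if ( ! defined( 'ABSPATH' ) ) { exit; }
GUARD = re.compile(r"defined\s*\(\s*['\"]ABSPATH['\"]\s*\)")
# WordPress template functions that are undefined when a theme file is
# requested directly, outside the WordPress bootstrap (illustrative subset).
WP_CALL = re.compile(
    r"\b(get_header|get_footer|get_sidebar|get_template_part|wp_head|have_posts)\s*\("
)


def find_unguarded_templates(theme_dir):
    """Return sorted relative paths of PHP files that call a WordPress
    function before (or without) an ABSPATH guard."""
    flagged = []
    root = Path(theme_dir)
    for path in root.rglob("*.php"):
        source = path.read_text(encoding="utf-8", errors="replace")
        call = WP_CALL.search(source)
        if call is None:
            continue  # nothing here would raise the fatal error on direct access
        guard = GUARD.search(source)
        if guard is None or guard.start() > call.start():
            flagged.append(path.relative_to(root).as_posix())
    return sorted(flagged)


def build_sample_theme(root):
    """Constructed sample theme: one unguarded file, one guarded, one inert."""
    theme = Path(root) / "SampleTheme"
    theme.mkdir()
    (theme / "index.php").write_text("<?php get_header(); ?>\n<p>body</p>\n")
    (theme / "page.php").write_text(
        "<?php\nif ( ! defined( 'ABSPATH' ) ) { exit; }\nget_header();\n"
    )
    (theme / "strings.php").write_text("<?php $label = 'hello';\n")
    return theme


def demo():
    """Run the audit over the constructed sample theme."""
    with tempfile.TemporaryDirectory() as tmp:
        return find_unguarded_templates(build_sample_theme(tmp))


if __name__ == "__main__":
    print(demo())
```

A flagged file still only leaks its path when PHP errors are rendered to the client, so production hosts should also keep `display_errors` off and log errors server-side.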