facebook facebook twitter rss

Wordpress Awake2 Theme Arbitrary File Download Vulnerability

Author: sH@rk-Dz , Published: 22-07-2014
Bug Title: Wordpress Awake2 Theme Arbitrary File Download Vulnerability

author:sH@rk-Dz

Date :2014/07/22

Fb :ww.fb.com/hasni.dzshark

Dork:inurl:/wp-content/themes/awake2

Tested on : Windows
==========================================

Vul FiLe :

http://localhost/path/wp-content/themes/awake2/lib/scripts/dl-skin.php

at paramter we can download any file this the source of vulnerability

Descripiton :

$file = $_POST['_mysite_download_skin'];


readfile($file);

rrmdir($_POST['_mysite_delete_skin_zip']);
exit;
=============================================

Demo : http://www.hirondelle37.fr/wp-content/themes/awake2/lib/scripts/dl-skin.php

Demo2 : http://www.unforgettable-jewelry.com/finegifts/wp-content/themes/awake2/lib/scripts/dl-skin.php

Like us on Facebook :