Friday, January 2, 2015

Wordpress A.F.D Verification/ INURL - BRASIL - WORDPRESS THEMES DOWNLOAD.PHP FILE DISCLOSURE


Multiple WordPress themes suffer from an arbitrary file download vulnerability in download.php. These include Ultimatum, Medicate, Centum, Avada, Striking Theme & E-Commerce, cuckootap, IncredibleWP, Trinity, Lote27, and Revslider themes.



------------------------------------------------------------------------------
# *NAME*:               Wordpress A.F.D Verification/ INURL - BRASIL
# *TYPE*:                   Arbitrary File Download
# *Tested on*:            Linux
# *EXECUTE*:         php exploit.php www.target.gov.us
# *OUTPUT*:           WORDPRES_A_F_D.txt
# *AUTHOR*:            GoogleINURL
# *EMAIL*:              inurllbr@gmail.com
# *Blog*:                   http://blog.inurl.com.br
# *Twitter*:               https://twitter.com/googleinurl
# *Fanpage*:             https://fb.com/InurlBrasil
# *GIT: *                   https://github.com/googleinurl
# *YOUTUBE  *       https://www.youtube.com/channel/UCFP-WEzs5Ikdqw0HBLImGGA
# *PACKETSTORMSECURITY:* http://packetstormsecurity.com/user/googleinurl/
#
------------------------------------------------------------------------------
#  Command Exec Scanner INURLBR:
#
# ./inurlbr.php --dork 'inurl:/wp-content/themes/' -q 1,6 -s save.txt --comand-all "php exploit.php _TARGET_"
#
------------------------------------------------------------------------------
#
# Download Scanner INURLBR:
# https://github.com/googleinurl/SCANNER-INURLBR
#
------------------------------------------------------------------------------

Description:

This exploit allows an attacker to exploit the Arbitrary File Download flaw
in dozens of WordPress themes.
For each target URL, the script uses regular expressions to check whether the
response contains the site's wp-config.php file.
Regular expressions:
preg_match_all("(DB_NAME.*')", $body, $status['DB_NAME']);
preg_match_all("(DB_USER.*')", $body, $status['DB_USER']);
preg_match_all("(DB_PASSWORD.*')", $body, $status['DB_PASSWORD']);
preg_match_all("(DB_HOST.*')", $body, $status['DB_HOST']);
preg_match_all("(DB_CHARSET.*')", $body, $status['DB_CHARSET']);
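
Site owners can look for the same pattern from the other side, in their web server access logs. The following is an added example, not part of the original post or the exploit: it flags requests to the endpoints named on this page whose parameter values reference wp-config.php or directory traversal, and it assumes combined-format logs; the sample lines, IP addresses and the parameter name `item` are constructed placeholders.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request field of a combined-format access log line: "METHOD target HTTP/x.y" status
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Endpoints named on this page: theme download.php scripts and revslider_show_image
ENDPOINT_RE = re.compile(r"/wp-content/themes/[^?]*download\.php|revslider_show_image", re.I)
# Parameter values that name wp-config.php or climb out of the theme directory
SENSITIVE_RE = re.compile(r"wp-config\.php|\.\.[/\\]", re.I)

# Constructed sample lines; "item" is a placeholder parameter name (assumption)
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Jan/2015:10:00:01 +0000] "GET /wp-content/themes/Avada/style.css HTTP/1.1" 200 5120',
    '198.51.100.7 - - [02/Jan/2015:10:00:05 +0000] "GET /wp-content/themes/Centum/download.php?item=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 3120',
    '198.51.100.7 - - [02/Jan/2015:10:00:06 +0000] "GET /wp-content/themes/medicate/download.php?item=%252e%252e%252fwp-config.php HTTP/1.1" 403 199',
    '192.0.2.44 - - [02/Jan/2015:10:00:09 +0000] "GET /wp-content/themes/trinity/download.php?item=brochure.pdf HTTP/1.1" 200 88211',
]


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so %252e%252e%252f is read as ../"""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(line):
    """Return a finding dict for a suspicious request, or None."""
    m = REQUEST_RE.search(line)
    if not m or not ENDPOINT_RE.search(fully_decode(m.group("target"))):
        return None
    # Inspect every parameter, so the check does not depend on its name
    pairs = parse_qsl(urlsplit(m.group("target")).query, keep_blank_values=True)
    hits = [(k, fully_decode(v)) for k, v in pairs if SENSITIVE_RE.search(fully_decode(v))]
    if not hits:
        return None
    # 200 means content was returned; treat wp-config.php secrets as exposed
    return {"ip": line.split()[0], "params": hits, "served": m.group("status") == "200"}


def scan(lines):
    return [finding for finding in map(classify, lines) if finding]


if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```
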

*D O R K'S:


WordPress Centum Theme Arbitrary File Download
Vendor Homepage::
http://themeforest.net/item/centum-responsive-wordpress-theme/3216603
Google Dork:: "Index of" & /wp-content/themes/Centum/

WordPress Avada Theme Arbitrary File Download
Vendor Homepage::
http://themeforest.net/item/avada-responsive-multipurpose-theme/2833226
Google Dork:: "Index of" & /wp-content/themes/Avada/

WordPress Striking Theme & E-Commerce Arbitrary File Download
Vendor Homepage::
http://themeforest.net/item/striking-multiflex-ecommerce-responsive-wp-theme/128763
Google Dork:: "Index of" & /wp-content/themes/striking_r/

WordPress Beach Apollo Arbitrary File Download
Vendor Homepage:: https://www.authenticthemes.com/theme/apollo/
Google Dork:: "Index of" & /wp-content/themes/beach_apollo/

Dork Google: inurl:ajax-store-locator
index of ajax-store-locator
Vendor Homepage::
http://codecanyon.net/item/ajax-store-locator-wordpress/5293356

WordPress cuckootap Theme Arbitrary File Download
Google Dork:: "Index of" & /wp-content/themes/cuckootap/
Vendor Homepage:: http://www.cuckoothemes.com/

WordPress IncredibleWP Theme Arbitrary File Download
Vendor Homepage:: http://freelancewp.com/wordpress-theme/incredible-wp/
Google Dork:: "Index of" & /wp-content/themes/IncredibleWP/

WordPress Ultimatum Theme Arbitrary File Download
Vendor Homepage:: http://ultimatumtheme.com/ultimatum-themes/s
Google Dork:: "Index of" & /wp-content/themes/ultimatum

WordPress Medicate Theme Arbitrary File Download
Vendor Homepage::
http://themeforest.net/item/medicate-responsive-medical-and-health-theme/3707916
Google Dork:: "Index of" & /wp-content/themes/medicate/


WordPress Trinity Theme Arbitrary File Download
Vendor Homepage:: https://churchthemes.net/themes/trinity/
Google Dork:: "Index of" & /wp-content/themes/trinity/

WordPress Lote27 Theme Arbitrary File Download
Google Dork:: "Index of" & /wp-content/themes/lote27/

WordPress Revslider Theme Arbitrary File Download
Vendor Homepage::
http://themeforest.net/item/cuckootap-one-page-parallax-wp-theme-plus-eshop/3512405
Google Dork:: wp-admin & inurl:revslider_show_image




Exploit::
http://pastebin.com/ZEnbxXXd
http://packetstormsecurity.com/files/129706/WordPress-Themes-download.php-File-Disclosure.html

3 comments:

  1. IT'S GIVING AN ERROR, HELP, THE EXPLOIT DIDN'T WORK

    Replies
    1. Try this original exploit: http://pastebin.com/ZEnbxXXd
      When the admins of the packetstormsecurity site uploaded the code, something was modified to fit their standard, so the code ended up with an error.

  2. I want to learn WordPress. But I need some help. Please advise me.