API tools faq
paste
KingSkrupellos

WordPress 4.9.1 TradeLoop Themes Arbitrary File Download

KingSkrupellos
Mar 18th, 2019
59
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.35 KB | None | 0 0
raw download clone embed print report
  1. ############################################################################################
  2.  
  3. # Exploit Title : WordPress 4.9.1 TradeLoop Themes Arbitrary File Download
  4. # Author [ Discovered By ] : KingSkrupellos
  5. # Team : Cyberizm Digital Security Army
  6. # Date : 18/03/2019
  7. # Vendor Homepage : tradeloop.com
  8. # Software Information Link : tradeloop.com/w/?cta=wp-header-loggedout/what-we-do
  9. # Software Affected Version : 4.9.1
  10. # Tested On : Windows and Linux
  11. # Category : WebApps
  12. # Exploit Risk : Medium
  13. # Google Dorks : inurl:''/wp-content/themes/tradeloop/"
  14. # Vulnerability Type :
  15. CWE-200 [ Information Exposure ]
  16. CWE-23 [ Relative Path Traversal ]
  17. # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
  18. # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
  19. # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
  20.  
  21. ############################################################################################
  22.  
  23. # Impact :
  24. ***********
  25. * WordPress 4.9.1 TradeLoop Themes is prone to a vulnerability that lets attackers download arbitrary files because the application
  26.  
  27. fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to download arbitrary files within the context of the
  28.  
  29. web server process and obtain potentially sensitive informations. * An information exposure is the intentional or unintentional disclosure
  30.  
  31. of information to an actor that is not explicitly authorized to have access to that information. * The software has Relative Path Traversal
  32.  
  33. vulnerability and it uses external input to construct a pathname that should be within a restricted directory, but it does not
  34.  
  35. properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
  36.  
  37. ############################################################################################
  38.  
  39. # Vulnerable File :
  40. ****************
  41. /download.php
  42.  
  43. # Vulnerable Parameter :
  44. *********************
  45. ?download_file=
  46.  
  47. # Arbitrary File Download Exploit :
  48. *******************************
  49. /wp-content/themes/tradeloop/download.php?download_file=[FILENAME]
  50.  
  51. ############################################################################################
  52.  
  53. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
  54.  
  55. ############################################################################################
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!