Sunday, January 11, 2015

WordPress Themes download.php File Disclosure

Multiple WordPress themes suffer from an arbitrary file download vulnerability in download.php. These include Ultimatum, Medicate, Centum, Avada, Striking Theme & E-Commerce, cuckootap, IncredibleWP, Trinity, Lote27, and Revslider.

Description: This exploit allows an attacker to exploit the arbitrary file download flaw in dozens of WordPress themes. Using regular expressions, the script checks each target URL for the contents of its wp-config.php file.

Regular expressions:

    preg_match_all("(DB_NAME.*')", $body, $status['DB_NAME']);
    preg_match_all("(DB_USER.*')", $body, $status['DB_USER']);
    preg_match_all("(DB_PASSWORD.*')", $body, $status['DB_PASSWORD']);
    preg_match_all("(DB_HOST.*')", $body, $status['DB_HOST']);
    preg_match_all("(DB_CHARSET.*')", $body, $status['DB_CHARSET']);

Dorks:

WordPress Ultimatum Theme Arbitrary File Download
Vendor Homepage: http://ultimatumtheme.com/ultimatum-themes/s
Google Dork: "Index of" & /wp-content/themes/ultimatum

WordPress Centum Theme Arbitrary File Download
Vendor Homepage: http://themeforest.net/item/centum-responsive-wordpress-theme/3216603
Google Dork: "Index of" & /wp-content/themes/Centum/

WordPress Avada Theme Arbitrary File Download
Vendor Homepage: http://themeforest.net/item/avada-responsive-multipurpose-theme/2833226
Google Dork: "Index of" & /wp-content/themes/Avada/

WordPress Striking Theme & E-Commerce Arbitrary File Download
Vendor Homepage: http://themeforest.net/item/striking-multiflex-ecommerce-responsive-wp-theme/128763
Google Dork: "Index of" & /wp-content/themes/striking_r/

WordPress Beach Apollo Arbitrary File Download
Vendor Homepage: https://www.authenticthemes.com/theme/apollo/
Google Dork: "Index of" & /wp-content/themes/beach_apollo/

ajax-store-locator
Vendor Homepage: http://codecanyon.net/item/ajax-store-locator-wordpress/5293356
Google Dork: inurl:ajax-store-locator index of ajax-store-locator

WordPress cuckootap Theme Arbitrary File Download
Vendor Homepage: http://www.cuckoothemes.com/
Google Dork: "Index of" & /wp-content/themes/cuckootap/

WordPress IncredibleWP Theme Arbitrary File Download
Vendor Homepage: http://freelancewp.com/wordpress-theme/incredible-wp/
Google Dork: "Index of" & /wp-content/themes/IncredibleWP/

WordPress Medicate Theme Arbitrary File Download
Vendor Homepage: http://themeforest.net/item/medicate-responsive-medical-and-health-theme/3707916
Google Dork: "Index of" & /wp-content/themes/medicate/

WordPress Trinity Theme Arbitrary File Download
Vendor Homepage: https://churchthemes.net/themes/trinity/
Google Dork: "Index of" & /wp-content/themes/trinity/

WordPress Lote27 Theme Arbitrary File Download
Google Dork: "Index of" & /wp-content/themes/lote27/

WordPress Revslider Theme Arbitrary File Download
Vendor Homepage: http://themeforest.net/item/cuckootap-one-page-parallax-wp-theme-plus-eshop/3512405
Google Dork: wp-admin & inurl:revslider_show_image

    #!/usr/bin/php -q
    NAME*:
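From the defender's side, the following Python is an added example (not part of the original post or of the exploit it describes) that scans web-server access-log lines for requests to the endpoints this advisory names, a theme's download.php and admin-ajax.php with action=revslider_show_image, whose parameters contain path traversal or point at wp-config.php. The log lines are constructed samples; the log format assumed is Apache common log format.

```python
import re
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample access-log lines (common log format); not from the original post.
SAMPLE_LOG = """\
203.0.113.5 - - [11/Jan/2015:10:00:01 +0000] "GET /wp-content/themes/Avada/download.php?file=../../../../wp-config.php HTTP/1.1" 200 2891
203.0.113.5 - - [11/Jan/2015:10:00:02 +0000] "GET /wp-content/themes/Centum/download.php?file=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 200 2891
198.51.100.9 - - [11/Jan/2015:10:00:03 +0000] "GET /wp-content/themes/Avada/download.php?file=brochure.pdf HTTP/1.1" 200 48211
203.0.113.7 - - [11/Jan/2015:10:00:04 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 2891
192.0.2.3 - - [11/Jan/2015:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 10233
"""

# Client IP, timestamp, request target and status code of a common-log-format line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Endpoints named in the advisory: any theme's download.php, and admin-ajax.php with action=revslider_show_image.
THEME_DOWNLOAD = re.compile(r"^/wp-content/themes/[^/]+/download\.php$")
ADMIN_AJAX = "/wp-admin/admin-ajax.php"

def is_traversal(value: str) -> bool:
    """True if a parameter value walks up the directory tree or names wp-config.php."""
    # parse_qs already percent-decoded once; decode again to catch double-encoded %252e%252e%252f.
    decoded = unquote(value).replace("\\", "/")
    return "../" in decoded or "wp-config.php" in decoded.lower()

def scan_access_log(text: str) -> list:
    """Return one finding per request to a vulnerable endpoint whose parameters look like file disclosure."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlparse(m["target"])
        params = parse_qs(url.query, keep_blank_values=True)
        if url.path == ADMIN_AJAX:
            if params.get("action") != ["revslider_show_image"]:
                continue
        elif not THEME_DOWNLOAD.match(url.path):
            continue
        suspicious = [f"{k}={v}" for k, vals in params.items() for v in vals if is_traversal(v)]
        if suspicious:
            # A 200 on such a request means the server answered; the body size hints at what was served.
            findings.append({"ip": m["ip"], "time": m["ts"], "path": url.path,
                             "params": suspicious, "status": int(m["status"])})
    return findings

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

Only the three requests aimed at wp-config.php are reported; the legitimate brochure.pdf download through the same download.php is not, so the rule keys on the parameter value rather than on the endpoint alone.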
Source: http://khalil-shreateh.com/khalil.shtml/index.php/it-highlights/latest-vulnerabilities-and-exploits/257-wordpress-themes-download-php-file-disclosure.html
