FullSecurity Team Discover WordPress LFI Vuln
Hackers from Iranian FullSecurity.org team have made discover of vulnerability in WordPress:
WordPress mTheme-Unus Local File Inclusion Vulnerability
Local File Inclusion -LFI- is process of include files on server through web browsers Vulnerability occur is when page includes is not properly sanitized and allow directory traversal characters to be injected
WordPress Themes mTheme-Unus not filtering data so configuration file in the path is get < site.com/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php>
FullSecurity say:
Special Tnx To : Hack-By-Iran , Milad Hacking , iliya Norton , Parisa , Netc4t Ya Hossein <3
Details is here: http://iedb.ir/exploits-3857.html
FullSecurity home: www.FullSecurity.org