The Giribaz File Manager plugin logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If user edits wp-config.php file using this plugin, the wp-config.php contents get added to the file which is not protected and contains database credentials, salts, etc. These files have been indexed by Google and an simple dork will find affected sites.
http://[target]/wp-content/uploads/file-manager/log.txt